September 20, 2011

Imperva's Hacker Intelligence Initiative has put out a 4th report.  This time, our focus is SQL injection. The report is available here (no registration required).  We also recorded a video explaining our results.

As we have written before, SQL injection is the most pernicious vulnerability in the history of computing. From 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches. Using data from Privacyrights.org, we checked the data breaches from 2005 to today. There were 312,437,487 data records lost due to hacking, with about 262 million records from various breaches including TJMax, RockYou and Heartland, all of which were SQL injection attacks.

We found that, since July, the observed Web applications suffered on average 71 SQLi attempts an hour. Specific applications were occasionally under aggressive attack and, at their peak, were attacked 800-1,300 times per hour.
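The figures above are rates derived from requests a Web application firewall has already flagged as SQLi. The following is an added example, not Imperva's code or data, showing how such flagged events can be rolled up into per-application hourly rates, peak hours, and the share of attempts coming from the busiest sources. The log format and all log lines are constructed for the example.

```python
"""Added example (not from the Imperva report): aggregate WAF-flagged SQLi
requests into per-application hourly rates and per-source concentration.
The log format and every log line below are constructed, not real traffic."""
from collections import Counter
from datetime import datetime

# Constructed sample of requests already flagged as SQLi by a WAF.
# Hypothetical format: "<ISO timestamp> <source ip> <application> <path>"
FLAGGED = """\
2011-07-01T10:05:00 198.51.100.7 shop /item?id=1
2011-07-01T10:07:00 198.51.100.7 shop /item?id=2
2011-07-01T10:09:00 203.0.113.9 shop /item?id=3
2011-07-01T11:00:00 198.51.100.7 shop /search
2011-07-01T11:01:00 198.51.100.7 shop /search
2011-07-01T11:02:00 198.51.100.7 shop /search
2011-07-01T11:03:00 203.0.113.9 shop /search
2011-07-01T11:04:00 192.0.2.44 blog /post?id=9
2011-07-01T12:30:00 192.0.2.44 blog /post?id=10
"""


def parse(text):
    """Turn the constructed log text into (timestamp, src, app, path) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, app, path = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), src, app, path))
    return events


def hourly_counts(events):
    """Count flagged requests per (application, hour) bucket."""
    counts = Counter()
    for ts, _src, app, _path in events:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        counts[(app, hour)] += 1
    return counts


def average_per_hour(events, app):
    """Average flagged requests per observed hour for one application."""
    per_hour = [n for (a, _h), n in hourly_counts(events).items() if a == app]
    return sum(per_hour) / len(per_hour) if per_hour else 0.0


def peak_hours(events, threshold):
    """(app, hour, count) for every app-hour at or above the alert threshold."""
    return sorted((a, h, n) for (a, h), n in hourly_counts(events).items()
                  if n >= threshold)


def top_source_share(events, n):
    """Fraction of all flagged requests that came from the n busiest sources."""
    by_src = Counter(src for _ts, src, _app, _path in events)
    top = sum(count for _src, count in by_src.most_common(n))
    return top / len(events) if events else 0.0


EVENTS = parse(FLAGGED)

if __name__ == "__main__":
    print("shop avg/hour:", average_per_hour(EVENTS, "shop"))
    print("app-hours at or above 4:", peak_hours(EVENTS, 4))
    print("share from busiest source:", round(top_source_share(EVENTS, 1), 2))
```

The per-app-hour bucket is what a rate alert keys on; a threshold far above an application's normal hourly figure separates the background noise from the aggressive bursts the post describes, and the top-source share shows how concentrated the sources are before any blocking decision is made.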


We also found:

  • Attackers increasingly bypass simple defenses. Hackers are using new SQLi attack variants which allow the evasion of simple signature-based defense mechanisms.
  • Hackers use readily available automated hacking tools. While the attack techniques are constantly evolving, carrying out the attack does not necessarily require any particular hacking knowledge. Common attack tools include Sqlmap and Havij.
  • Attackers use compromised machines to disguise their identity as well as to increase their attack power via automation. To automate the attack, attackers use a distributed network of compromised hosts. These “zombies” are used interchangeably in order to defeat blacklisting defense mechanisms.
  • About 41% of all SQLi attacks originated from just 10 hosts. Again, we see a pattern where a small number of sources are responsible for a majority of attacks.
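The first finding, that attack variants slip past signature-based defenses, comes down to where the defense sits. The following is an added example, not code from the Imperva report, showing the defect that makes SQLi possible (SQL built by string concatenation) beside the fix that does not depend on recognising attack patterns at all (a parameterized query), with a keyword blacklist alongside to show why pattern matching alone is a weak control. It uses an in-memory SQLite table constructed here; the table, the rows and the blacklist are assumptions for the example.

```python
"""Added example (not from the Imperva report): string-built SQL beside a
parameterized query, plus a naive keyword blacklist, against a constructed
in-memory SQLite table."""
import sqlite3


def make_db():
    """Constructed sample table; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    """Builds the statement by concatenation: the input becomes SQL syntax."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    """Binds the input as a value; it can never alter the query structure."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


# A hypothetical keyword blacklist of the kind the post says is being evaded.
BLACKLIST = ("union", "select", "--", "/*")


def naive_filter_rejects(value):
    """True if a blacklisted token appears anywhere in the input."""
    lowered = value.lower()
    return any(token in lowered for token in BLACKLIST)


# The textbook tautology input: it contains none of the blacklisted tokens.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", lookup_vulnerable(db, "bob"))
    print("vulnerable, tautology:  ", lookup_vulnerable(db, TAUTOLOGY))
    print("parameterized, tautology:", lookup_parameterized(db, TAUTOLOGY))
    print("blacklist catches it?   ", naive_filter_rejects(TAUTOLOGY))
```

Run stand-alone, the concatenated version returns every row for the tautology input while the blacklist reports nothing suspicious; the parameterized version returns no rows because the whole string is compared as a literal name. A signature layer can still be useful for visibility and rate alerting, but the control that holds regardless of attack variant is the one in the data-access code.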
Posted by Imperva Blogger at 06:50:18 PM