SQL attacks mushroom against company websites
Tuesday, March 17, 2009
A huge jump in the number of SQL attacks at the end of 2008 has security experts warning that popular web applications are being left unprotected.
SQL attacks are typically designed to steal customer data from user-facing e-commerce websites. But last June cybercriminals launched a new way to automate attacks and use them to plant infections on PCs, security experts said.
One major network security firm with large corporate clients said it identified 25,000 daily SQL attacks last summer, but by October the number of attacks was reaching 450,000 a day.
The SQL attacks are targeted at security flaws in web applications such as video, music, photos and other popular files for sharing among users.
For the first five months of 2008, the security company helped clients defend about 5,000 SQL attacks a day. Last June, the number of attacks had risen five-fold and then again exponentially more by October.
Another security firm found 780,000 malicious web pages last April from a single SQL injection attack. Experts said 2008 saw a more than 300 percent rise in malicious attacks.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
