SQL Injection Attacks Mounting on Web Applications
IBM Internet Security Systems has revealed that cyber crooks are circulating unidentifiable infections on the Internet by targeting hundreds of thousands of Web sites per day with SQL injections, in which malicious code is inserted into strings that are later passed to a SQL Server.
The security firm described Web applications as among the most vulnerable components an organization can have. SQL injection is the most rapidly growing category of attacks targeting Web applications. These assaults exploit security vulnerabilities in Web applications, such as those used to share music, photos, video and other popular files among users.
SQL injection attacks are extremely dangerous. The security experts explained that when an online user clicks on one of the Web sites that has been infected through SQL injection, he might not notice anything. In reality, from that instant his PC would be turned into a harmful machine that launches attacks on other systems via the Internet.
According to IBM, this trend of increased SQL attacks began during the summer of 2008 and is constantly accelerating. It stated that last summer 25,000 SQL attacks were detected per day. During January-May 2008, the security firm helped users protect against around 5,000 SQL injection attacks per day. In June 2008, a five-fold increase was seen in the number of such attacks, and then an exponential increase was seen again in October, which took the number of attacks to 450,000 per day.
IBM identified 50% more infected Web pages in the final three months of 2008 compared with 2007. This big leap in the number of SQL attacks towards the end of 2008 implies that popular Web applications are becoming vulnerable.
SQL attacks are traditionally intended to steal clients' data from user-facing e-commerce Web sites. However, in June 2008, cyber criminals adopted a different approach and used these SQL injections to plant infections on PCs.
Thus, the security experts have advised users to keep their browsers current by installing updates; however, most users do not follow this advice. These updates contain security patches that can successfully block such infections.
» SPAMfighter News - 21-03-2009