Hackers Prefer SQL Injection Attack & Social Networks Websites

According to a report released by WASC (Web Application Security Consortium), hackers tend to use SQL Injection as the most common method to launch attacks. This method involves strings of data that are injected with malware and then transmitted to an SQL server for execution and parsing.

Security specialists explain that SQL Injection is frequently used to plant malicious software on Internet sites to infect users who visit those sites.

According to the report, the top attack technique of hackers is conventional SQL Injection, which accounted for 19% of the total incidents, followed by inadequate authentication barriers at 10% and then numerous unresolved incidents considered due to unknown causes at 10%.

Other important methods of exploitation used during 2009 were DOS attempts and content spoofing in automated attacks. Majority of these attacks were motivated by profit. Hackers used various exploits to make financial gains, such as information theft and data leakage at 26%, monetary loss -11%, link spam -4% and phishing -2%. However, there were attacks motivated by ideological objectives like website defacement (28%) and disinformation (19%).

The report further pointed out that Facebook and Twitter (social-networking websites) were the sites receiving the maximum attacks in place of government websites that had topped the list during 2008.

More specifically, according to the report, social-networking websites emerged as the sector that was most targeted, accounting for 19% of the cases that remarkably rose over previous years when there was no representation of this sector, and replacing law enforcement or government sites that had been attacked the largest number of times during 2008.

Jeremiah Grossman, Chief Technology Officer, WhiteHat Security, and who contributed to the WHID of the Web Application Security Consortium, said that the reason for targeting social-networking websites so often was their huge user-bases, as reported by SCMagazine on August 17, 2009.

Grossman said that a successful infection of a social-networking site could enable reaching a massive number of users.

Thus, the specialists stated that the best defense from such attacks was to use an updated web browser, as the older browser editions were easy to hack.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 9/5/2009