SQL Injection set a record for attacking databases
The number of database attacks (databases) has reached a record number this year when hackers see this as "a sweet honey jar" of personal and financial information. user.
Security firm SecureWorks said it detected 8,000 attacks on databases every day. Thus, this figure has increased an average of 100 to 200 attacks a day compared to the number of the first 3 months.
Statistics of SecureWorks are statistics from the database system of more than 1,300 customers using its security services solutions.
SecureWorks said hackers - primarily using computers in Russia, China, Brazill, Hungary and South Korea - now share a method called SQL Injection in attacks on databases.
Jon Ramsey, chief technology officer of SecureWorks, said hackers will first use Google to search for sites that contain active input forms. This is the focal point for them to be able to send information to the target database.
Meanwhile, many web applications often do not check input information from input forms. This helps hackers insert malicious SQL code into the database. From there, hackers can use tools to gather information from certain tables and columns in the database.
The next step in attacking the database is that hackers will insert code that controls the database server to download other software on the Internet to help them gain higher control over the target.
SQL Injection is a very specific type of attack and is often a single target for each attack. Because of this, attacks like these often do not get the same attention as viruses or worms.
Expensive damage
Silently like that but the damage of these attacks is very large. If a database server is hijacked by hackers, there will be a huge amount of personal financial information of users falling into their hands. And if successful, it can be said that the information that hackers get is much more than phishing attacks. Hackers do not have to forge public attempts to trick users into providing financial personal information. The success rate of SQL Injection attacks is often very high.
" We are not currently in the age of computer worms, but we are in an era of zero-day errors and very specific targeted attacks ," Ramsey said.
Enterprises need to seriously review their database system security before becoming victims of SQL Injection attacks.
Visa International and MasterCard International are also working to revise security guidelines for accepting credit card payments to combat SQL Injection attacks.
One of the most famous SQL Injection attacks is the attack on CardSystems Solutions, a hosting company that has a credit card payment database. The hackers used a SQL Injection attack to hijack CardSystems' database system and move the entire database out. About 40 million credit cards fell into their hands, causing millions of dollars in losses.
Hoang Dung
- Technology for injecting laser drugs is not painful
- Why not rub your hands on the injection site?
- New injection for cancer treatment
- The unknown is about electronic fuel injection technology
- Google makes memory fades away
- Painless injection technology
- Create cow embryos from sperm injection into eggs
- 5 ways to 'spell' the body
- Technology to thin Microsoft's products that Apple needs to learn
- Automatic syringes
- Injecting saline water helps treat lower back pain than steroids
- 32 people set themselves on fire to set a world record