SQL injection attacks against banks on the rise

SecureWorks announced that it has seen a dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection. “From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day,” said SecureWorks CTO Jon Ramsey. “As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day,” said Ramsey.

“The majority of the attacks are coming from overseas,” said Ramsey. “And although we certainly see a higher volume with other types of attacks, what makes the SQL Injection exploits so worrisome is that they are often indicative of a targeted attack.” This is a type of attack where the hacker has targeted a particular organization, versus a worm which spreads indiscriminately.

“Depending on the sophistication of the attacker, the online criminal can potentially gain access to a bank or utility company’s key customer databases containing social security numbers, account numbers, credit card numbers, email addresses, etc,” continued Ramsey.

SQL Injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to an organization’s resources or to make changes to data. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server. “What makes this vulnerability so pervasive is that SQL Injection attacks can prey on all types of Web applications – even those as simple as a monthly loan payment calculator or a ‘signup for our customer newsletter’ form,” said Ramsey.

“SQL Injection is successful only when the web application is not sufficiently secured,” said Ramsey. “Unfortunately, the majority of websites and web applications are not secure. Thus, we are advising all organizations to use ‘input validation’ for any form to ensure that only the type of input that is expected is accepted.”

Additionally, it is important to note that protecting against a SQL Injection attack also requires organizations to not only protect their web applications but also the web server on which the web application is running, the database from which the web application is retrieving information, and the operating systems upon which the web servers, applications and database reside.

A Network Intrusion Prevention System and Host Intrusion Prevention System can offer many of these protections, especially if they are being monitored by a 24x7x365 security team that can stay on top of the newest types of SQL Injection attacks, as there are new variances being released all the time.