SQL attacks on the rise

A new report into hacker antics claims that SQL injection is becoming a hot topic among the black hats.

The report, prepared by insecurity experts at Imperva, said that questions on hacker forums focused on training and tutorials for data theft techniques such as SQL injection are on the up.

However, the report, with the catchy title Intelligence Initiative report, “Monitoring Hacker Forums,” notes that less than five percent of IT budgets include products to mitigate attacks in the data centre.

Amichai Shulman, Imperva’s CTO, said that by examining what information hackers share in these forums, it is possible to understand where they are focusing their efforts.

The answer is that organisations ignore SQL injection security at their peril as hackers are placing more focus on those attacks.

Currently Denial of Service and SQL injection are the most popular attack methods.

One of these two attacks is used 19 percent of the time.

However, Gartner’s Forecast: Security Infrastructure Worldwide, 2010-2016, 2Q12 Update shows $25 billion was spent on security software and network equipment in 2011. This is less than five percent of security budgets allocated to products that mitigate SQL injection attacks.

Hackers are also trying to push into social networking sites. Imperva found that Facebook, at 39 percent, and Twitter, at 37 percent, were the most frequently discussed social networks.

In reviewing social network-related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.

Most of the hacker forums were training newbies. More than 28 percent of posts were related to beginner hacking and hacker training, while another five percent related to hacking tutorials.

Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and report their hacking successes, the report said.