The second threat identified in our 2013 top five list is the problem of SQL injection attacks. Readers with long memories may recall that SQL first became an industry standard way back in 1986, since when it has been central to RDBMS/database software – and also poses a juicy target for all manner of cybercriminals.
This was illustrated in May of 2012 when a Symantec engineer spotted a mass SQL injection series of attacks in progress.
The Lizamoon mass SQL attack vector was, of course, well used by cybercriminals and the principle behind the attack vector is that hackers exploit vulnerable Web sites using an SQL-injection attack, which will then direct users to other sites containing malicious code.
Mitigating the Lizamoon attack – as with all SQL-based IT aggressions – is not as easy as some vendors claim, as there are only a handful of products out there that were designed to secure databases.
Of those that there are, however, users report them to be effective security products. Each database install is different and to secure them, it is clear that the layout and structure must be understood.
All database admins should undergo thorough security training on a regular basis so that they can understand the threats and learn what techniques can be used for mitigation.
Compromised and malicious Web sites
The third issue in our top five list of threats includes the recurrent problem of compromised and malicious Web sites. Whilst graphical Web sites have been ‘around' since the mid-1990s, it has taken the evolution of HTML5 and other Web technology advances to shift the threats/solutions balance up by more than a gear or two – and sadly in favour of the cybercriminals and hackers.
This was illustrated quite clearly back in June of 2012, when Symantec's security response operation spotted a malformed Web page flaw - CVE-2012-1875 - being exploited in the wild. At the time, researchers noted that Microsoft - in its recent security bulletin summary for June - released security bulletin MS12-037, which is a critical security update covering Internet Explorer version 6 through 9.
A month earlier, in May of 2012, Amnesty international suffered a similar attack on its UK Web site, with hackers using a two-pronged vector based on Bloodhound.Exploit.466 and the IPS Signature Web Attack. The executable seen in the Amnesty International attack was Trojan.Naid, a remote access trojan first seen back in January 2010 which listens for – and accepts – a connection from the attacker to allow remote access to the infected machine.
These types of threats continue to be cause major issues, and do not just compromise computers, but can potentially affect all manner of hardware, including wireless routers, printers, cameras and most database applications.
Next up, we have the recently evolved threat of exploit kits, of which the BlackHole kit is arguably the most well known. Despite its near-legendary status amongst hackers, this kit was first released by a Russian Hacker back in 2011, since when it has gone on to become the number one Web threat.
In June 2012, for example, several security experts spotted that the zero-day flaw (CVE-2012-1889) could be exploited using Internet Explorer. The solution to these kits is to subscribe to one of the main information feeds on kit exploits on the Internet, and use cloud information collation from your vendor to stay at least a few steps ahead of the threat pack if at all possible.
Within a week of the zero-day flaw being discovered, a Metasploit module was released by cybercriminals, allowing them to tap the exploit. Later in June, our colleagues at Sophos spotted a similar set of exploit code had been added to the BlackHole exploit kit landing page.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.