43% surge in hacker attacks on retailers, says Dell SecureWorks

Hacker attacks targeting retailers have increased by 43% over the last year, says Dell SecureWorks

The analysis from Dell SecureWorks, which compares the first nine months of 2011 with the same period last year, found that SQL injection attacks were also high on the hacker agenda. Jon Ramsey, the firm's CTO, said the technique is well known but remains popular because hackers will keep using any technique that proves successful over and over.

Just this spring, he added, it was reported that a hacker in Georgia used SQL injection attacks to steal 675,000 credit card accounts, resulting in $36 million in fraudulent transactions. Cyberthieves also used SQL injection attacks in the widely publicized breach of Heartland Payment Systems, Hannaford Brothers and three other retailers, where they made off with 130 million credit and debit cards, he noted.

Web-based exploit kit attacks were also seen in abundance, said Dell SecureWorks, which added that its systems blocked retail customers from being infected by a large number of web-based exploit kit attacks.

When a computer user encounters an exploit kit, said the firm, the kit invisibly probes the visitor’s browser or browser plug-ins for known security vulnerabilities. If vulnerable applications are found, they are used as a vehicle to silently install malicious software.

Often, added the company, this malware consists of banking trojans such as Zeus or SpyEye; downloader trojans; DDoS or spam trojans; or rogue anti-virus.

During the first nine months of the year, the firm said it blocked an average of 91,500 attacks per retail customer, compared with 63,581 attacks per retail customer from April through December 2010.

“Based on the attacks we detected in the first nine months of this year, criminals are more aggressively using the web as a primary attack vector for both clients and servers”, said Ramsey, who added that his team saw a significant increase in SQL Injection attacks against servers and exploit packs hosted on websites, which contributed to the overall rise in retail attacks.

Against this backdrop, Ramsey said that server protection requires strong secure software development practices, as well as detection and prevention controls. Client protection, he explained, requires good system hygiene and detection and prevention controls that limit exposure to attacks from malicious websites.
