SQL injection attacks jumped 69% in Q2

SQL injection attacks increased to 469,983 attacks in the second quarter from 277,770 in the previous quarter, based on the number of attacks blocked by FireHost’s cloud security product.

SQL injection involves the entering of malicious commands into URLs and text fields on websites that are vulnerable in an attempt to steal the contents of databases storing data such as credit card details or usernames and passwords, FireHost explained.

Chris Hinkley, senior security engineer at FireHost attributed the increase SQL injection attacks to the failure to include security measures in the software development process. “SQL injection is considered a low-hanging fruit. By deploying proper coding practices, that kind of vulnerability can be avoided altogether”, he observed.

“Security is not embedded in the software development lifecycle in such a way that it prevents these types of vulnerabilities from making their way into production code”, he added.

At the same time, cross-site scripting (XSS) attacks declined quarter over quarter, a trend that Hinkley attributed to improved browser security, among other factors.

In its quarterly report, FireHost also tracks directory traversal and cross-site request forgery attacks (CSRF). Overall, directory traversal made up 43% of attacks blocked by FireHost in the second quarter, followed by XSS with 27%, SQL injection at 21%, and CSRF with 9%. This compared with XSS at 40%, directory traversal at 38%, CSF at 12%, and SQL injection at 10% in the first quarter.

“There are quite a few automated attack tools that allow someone to specify a target, press a button, and then cause a lot of damage to the target organization by getting all their database information that is not meant for public consumption”, Hinkley said.

The majority of attacks FireHost blocked during the second quarter came from the US (83%). Southern Asia came in second with 8%, while Europe was third, as the origin of 6% of malicious attack traffic.

“In terms of protecting websites…the primary goal should be to eliminate the low-hanging fruit and to change any defaults that exist…to remove yourself from a list of opportunistic targets”, Hinkley concluded.

What’s Hot on Infosecurity Magazine?