SQL Injection Attacks Rise as Hackers Go for the Money

Hacking used to be a much more honorable ‘profession’ back in the good old days, when spotty-faced teenage geeks would compete with each other to see how many websites they could deface with flashing messages like “H@X0rs Rulez”.

But those days are long gone, and hacking has become an altogether shadier activity, with one goal in mind – to make steal data and use it to make money.

This much is clear following a huge increase in the number of SQL injection attacks on websites today, as reported by FireHost last month.  According to the web hosting provider, the number of such attacks on its client’s websites rose by a staggering 69% in the last three months.

Hackers are able to obtain secure data including passwords and extremely valuable credit card information from websites by using a false SQL database to input commands into its interface, and according to FireHost they are quickly becoming the professional hacker’s weapon of choice.

FireHost revealed that while cross-site scripting and directory traversal attacks (both of which are considered to be ‘easier’ to perform) remain the most popular methods of gaining access to secure data, SQL injection is fast catching up, with the number of instances jumping from 277,770 confirmed attacks in the first quarter of this year, to 469,983 in the second quarter.

Despite being harder to pull off, SQL injection attacks have the potential to cause havoc when the hackers do succeed, often grabbing headlines for the sheer number of users they can harm, such as when 450,000 Yahoo Voices passwords were compromised last month, or when LuzSec hacked into Sony in June.

Another big issue with SQL injections is that they are very hard to detect – unless they’re advertised – meaning that hackers can very often obtain credit card data and steal money, and the victims will never know how it happened.

FireHost warns that the number of SQL attacks is likely to rise, and so the responsibility falls of the shoulders of webmasters to ensure that they do not become a victim. Attacks are not easy to detect, but there are a number of warning signs that webmasters can look out for, including a high incoming request rate, suspiciously high levels of traffic from unexpected countries (like China, Indonesia etc), and also ‘fingerprints’ such as specific strings in generated SQL fragments used in SQL injection, which are left behind in traffic records following an attack.

Blocking attacks isn’t easy, but it’s becoming clear that hacking simply to deface a website is no longer the main motive, and any website that falls victim to this kind of attack could easily see its credibility destroyed.