SQL injection is hardly a new attack vector, but it’s emerging as one of the chief ways that hackers are able to gain access to supposedly secure data. eSecurity Planet looks at a new report that finds that not only are a majority of the UK’s online data breaches conducted via SQL injection, but that they’re growing in complexity.
Hackers used SQL injection tactics to access corporate networks in 60 percent of significant data breach incidents reviewed by 7Safe, a leading computer security and forensics consulting firm in London.
SQL injection attacks, which target vulnerable code in the database layer, have long been a nightmare for IT administrators because they’re extremely difficult to defend against in a live production environment and often require multiple patches to the installed database software.
E-commerce sites and online banking customers in December learned just how painful these new and increasingly complex SQL injection attacks can be. A new variant contaminated more than 125,000 Web sites with a Trojan known to harvest credit card and other banking information.