Lax Network Security Opens Door to Mass SQL Injections
Time and again we urge businesses to evaluate their network security for weaknesses. The simple reason is that preventing an attack is better than sorting out the aftermath of an attack. Ongoing fallout from the LizaMoon mass SQL injection attacks, which were in the news about a year ago, has affected over a million web pages, and future exploits look likely. It is a disheartening fact that simple security measures could have kept these cyber attacks from being effective.
The LizaMoon attack infiltrated computer systems using scareware. Unsuspecting computer users downloaded fake anti-virus software, opening the door to hackers. Since the initial LizaMoon attacks began over a year ago, similar injection attacks have capitalized on the same user ignorance and sloppy network security. Recent reports of continued exploits of the same lax network security measures indicate a critical need for companies to take notice of ongoing cyber attacks and take action.
This past October, reports indicated that thousands of SMB websites had fallen prey to mass SQL injection attacks that found inroads based on irresponsible network configurations. A Google search indicated that over a million web pages were infected with the offending injected script. The similarity in approach to the LizaMoon attack is particularly troubling, because the first round of attacks didn’t result in preventative measures. Wayne Huang led the team that uncovered this particular injected script. His forecast of the potential for hackers to exploit mass SQL injection attacks is ominous:
“It’s like an Internet-wide vulnerability scan. You go out and blindly inject SQL like this into a class of Web servers like ASP.NET, and then use Google now or later to look at which sites you manage to inject your SQL into. That’s now a road map to vulnerable sites. You can go back and pick which ones might have interesting, valuable data sitting on them for you to go back and steal. So there may be more to this; this may lead to a bunch of targeted attacks on folks foolish enough to be this insecure with databases that are actually storing something that’s worth stealing.”
Only time will tell the full extent and expense of this ongoing method of cyber attack. Businesses and individuals alike should take a few moments to make certain that input validation is not disabled on their web servers. This simple measure limits the effectiveness of mass SQL injection attacks. To address this ongoing threat, companies should make it a priority to obtain a professional network assessment for proper configurations and network security measures.