SQL Injection vẫn là lỗi phổ biến nhất trong nửa đầu năm 2013
Reference: http://www.securityweek.com/sql-injection-most-common-vector-data-breaches-first-half-2013-ibm
New research from IBM's X-Force team names SQL injection as the most commonly traveled pathway to a successful breach during the first half of 2013.
According to IBM, 26 percent of the hundreds of breaches it examined this year were linked to SQL injection.
"Based on the incidents we have covered, SQL Injection (SQLi) remains the most common breach paradigm," according to the X-Force 2013 Mid-Year Trend and Risk report. "We have not been surprised by this as SQLi is the most direct way to gain access to records in the database. In terms of return on exploit, SQLi is an effective attack of opportunity, where automated scripts can scan wide ranges of potential targets that run common web application software with known SQLi vulnerabilities."
Those vulnerabilities represent however only a portion of the threat landscape for enterprises. According to the report, IBM has tracked more than 4,100 publicly-reported new security vulnerabilities during the first half of the year. If this trend continues for the remainder of the year, the vulnerability count will be roughly the same as the 8,200 new vulnerabilities reported in 2012.
"Known vulnerabilities left unpatched in Web applications and server and endpoint software, create opportunities for attacks to occur," blogged Robert Freeman, manager of X-Force Research at IBM. "These unpatched applications and software continue to be facilitators of breaches year after year."
According to Freeman, attackers continue to look towards exploiting trusted relationships via social networks as well.
"Criminals are selling accounts on social networking sites, some belonging to actual people whose credentials were compromised, others fabricated and designed to be credible through realistic profiles and a Web of connections," he wrote. "As a minimum they function to inflate page ‘likes’ or falsify reviews; though more insidious uses include hiding one's identity to conduct criminal activities – the online equivalent of a fake ID, but with testimonial friends, adding to the deception."
Additionally, attackers use social networks to generate false interest around brands through likejacking, planting contrived product reviews or helping content go viral. For example, Facebook's own page lost 125,000 likes after the company began a campaign to purge fake accounts. Twitter is impacted by this type of activity as well. Earlier this year, researchers at Barracuda Networks noted that the market for buying Twitter followers had grown increasingly competitive, with the price per thousand followers falling from $18 in 2012 to $11 this year.
Malicious links posted on social media accounts are one of the tactics attackers can use to lure victims to compromised sites as part of watering hole attacks.
"Attackers focusing on a central, strategic target like special interest Websites that are heavily frequented by a select group of potential targets are an effective and optimized means of exploitation," explained Freeman. "These central targets may not always have strong security solution and policies deployed, and even if they do, the cost of figuring out how to get through them is worth the opportunity to compromise the user-base."
"These “watering hole” attacks are a great example of how operational sophistication is being used to reach targets not previously susceptible. By compromising the central site and using it to serve malware, attackers are able to reach more technically savvy victims who may not be fooled in phishing attempts, but would not suspect that sites they trust could be malicious."
IBM urged organizations to focus their vulnerability management efforts on minimizing the threat they face by reducing the potential attack surface.
"The attack surface is represented by those vulnerabilities that are most accessible to potential attackers," the report notes. "The accessibility of vulnerability to attack is defined primarily by the context of the network in which it resides. To make vulnerability management more effective, techniques that incorporate network context into the process need to be applied."
New research from IBM's X-Force team names SQL injection as the most commonly traveled pathway to a successful breach during the first half of 2013.
According to IBM, 26 percent of the hundreds of breaches it examined this year were linked to SQL injection.
"Based on the incidents we have covered, SQL Injection (SQLi) remains the most common breach paradigm," according to the X-Force 2013 Mid-Year Trend and Risk report. "We have not been surprised by this as SQLi is the most direct way to gain access to records in the database. In terms of return on exploit, SQLi is an effective attack of opportunity, where automated scripts can scan wide ranges of potential targets that run common web application software with known SQLi vulnerabilities."
Those vulnerabilities represent however only a portion of the threat landscape for enterprises. According to the report, IBM has tracked more than 4,100 publicly-reported new security vulnerabilities during the first half of the year. If this trend continues for the remainder of the year, the vulnerability count will be roughly the same as the 8,200 new vulnerabilities reported in 2012.
"Known vulnerabilities left unpatched in Web applications and server and endpoint software, create opportunities for attacks to occur," blogged Robert Freeman, manager of X-Force Research at IBM. "These unpatched applications and software continue to be facilitators of breaches year after year."
According to Freeman, attackers continue to look towards exploiting trusted relationships via social networks as well.
"Criminals are selling accounts on social networking sites, some belonging to actual people whose credentials were compromised, others fabricated and designed to be credible through realistic profiles and a Web of connections," he wrote. "As a minimum they function to inflate page ‘likes’ or falsify reviews; though more insidious uses include hiding one's identity to conduct criminal activities – the online equivalent of a fake ID, but with testimonial friends, adding to the deception."
Additionally, attackers use social networks to generate false interest around brands through likejacking, planting contrived product reviews or helping content go viral. For example, Facebook's own page lost 125,000 likes after the company began a campaign to purge fake accounts. Twitter is impacted by this type of activity as well. Earlier this year, researchers at Barracuda Networks noted that the market for buying Twitter followers had grown increasingly competitive, with the price per thousand followers falling from $18 in 2012 to $11 this year.
Malicious links posted on social media accounts are one of the tactics attackers can use to lure victims to compromised sites as part of watering hole attacks.
"Attackers focusing on a central, strategic target like special interest Websites that are heavily frequented by a select group of potential targets are an effective and optimized means of exploitation," explained Freeman. "These central targets may not always have strong security solution and policies deployed, and even if they do, the cost of figuring out how to get through them is worth the opportunity to compromise the user-base."
"These “watering hole” attacks are a great example of how operational sophistication is being used to reach targets not previously susceptible. By compromising the central site and using it to serve malware, attackers are able to reach more technically savvy victims who may not be fooled in phishing attempts, but would not suspect that sites they trust could be malicious."
IBM urged organizations to focus their vulnerability management efforts on minimizing the threat they face by reducing the potential attack surface.
"The attack surface is represented by those vulnerabilities that are most accessible to potential attackers," the report notes. "The accessibility of vulnerability to attack is defined primarily by the context of the network in which it resides. To make vulnerability management more effective, techniques that incorporate network context into the process need to be applied."