Commenting on reports that the so-called ‘Lilupophilupop.com’ SQL injection attack has now compromised more than a million sites, Imperva says the fact that the number of site compromises has soared in just a few weeks highlights the issue that SQL attacks are still a major problem for companies hosting Web sites and their users.
According to Rob Rachwald, Director of Security Strategy with the data security specialist, SQL injection is now the most pernicious vulnerability in human computer history.
“Over the last six years, our research has shown that SQL injection has been responsible for 83 per cent of successful hacking-related data breaches and – as incidents like this confirm – the trend is clearly rising. Perhaps worse, with hackers automating their attacks, no-one who hosts a Web application is immune,” he said.
“Our report of last September (http://bit.ly/vxB5uI) found that Web applications suffered an average of 71 SQL injection attempts every hour – that’s more than one a minute. Specific applications, meanwhile, were found to occasionally be under aggressive attack, with peaks of between 800 and 1,200 attacks an hour – i.e. one attack every 3.0 to 4.5 seconds,” he added.
Rachwald explained that defending against SQL injection attacks is no easy task, since databases are integral components of Web applications.
“The bottom line here is that IT security professionals need to understand there is – as the 1.07 million site compromises identified by our colleagues at the SANS Institute so clearly show – a definite need for installing and using automated SQL injection attack security software if you host and code your own Web site.”