Hackers attack banks, credit unions and utilities

Date: July 19, 2006
Source: biz.yahoo.com
By: PR

SecureWorks, a leading Managed IT Security Services Provider, announced that it has seen a dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection (a type of Web application attack). "From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day," said SecureWorks CTO Jon Ramsey. "As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day," said Ramsey.

"The majority of the attacks are coming from overseas," said Ramsey. "And although we certainly see a higher volume with other types of attacks, what makes the SQL Injection exploits so worrisome is that they are often indicative of a targeted attack." This is a type of attack where the hacker has targeted a particular organization, versus a worm which spreads indiscriminately.

"Depending on the sophistication of the attacker, the online criminal can potentially gain access to a bank or utility company's key customer databases containing social security numbers, account numbers, credit card numbers, email addresses, etc," continued Ramsey.

SQL Injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to an organization's resources or to make changes to data. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server. "What makes this vulnerability so pervasive is that SQL Injection attacks can prey on all types of Web applications - even those as simple as a monthly loan payment calculator or a 'signup for our customer newsletter' form," said Ramsey.
Original article

---

Add comment  Email to a Friend

Discussion is closed - view comments archieve

2006-07-23 07:02:23 - lotto garbaa

Total 1 comments