SQL attacks dominated 2008, says IBM

Cross-site scripting is just a memory.

Last year was the year of the SQL injection attack, according to IBM's Internet Security Systems X-Force 2008 Trend Statistics report.

"SQL injection, in particular, took off in 2008," says X-Force researcher Tom Cross, noting that the annual trend report concludes that 55 percent of all vulnerability disclosures made by vendors affected web applications, a number that does not include custom-developed web applications.

Of those vulnerability disclosures, SQL injection-related vulnerabilities jumped 134 percent to replace cross-site scripting as the predominant type of web application vulnerability last year.

So it comes as no surprise that attacks against websites vulnerable to SQL injection rose from an average of a few thousand per day at the beginning of 2008 to several hundred thousand per day by year end, said the IBM report.

In fact, news reports in 2008 chronicled massive SQL injection attacks that spanned the globe, sometimes causing huge disruption to organisations that had not patched applications or deployed defensive measures such as web-application firewalls.

The IBM security-trends report also identifies other notable events in 2008, including the shutdown on 11 November of the web hoster McColo by two upstream ISPs, Hurricane Electric and Global Crossing. McColo had been a major source of spam production in the US, and its "takedown," as IBM refers to it, had an impact on spam volumes.

Just days before the McColo takedown, the United States had ranked No. 1 worldwide with 14.2 percent of spam production, followed by Russia, Turkey, Spain and Brazil. But after the McColo takedown, the United States immediately dropped to third place at 8 percent, with China suddenly surging to top place at 12.7 percent, the IBM report says.

But in the mercurial world of spam production, things can change quickly and Brazil ended up as the top spam generation spot by year-end with 11.7 percent of global production. The United States stood at 8.1 percent, followed by China at 6.6 percent, Turkey at 5.7 percent and Russia at 5.7 percent. "Looks like Brazil is now taking the lead as a source of spam," Cross said.

