SQL Injection: By The Numbers
Imperva’s Hacker Intelligence Initiative has put out a 4th report. This time, our focus is SQL injection. The report is available here (no registration required). We also recorded a video explaining our results.
As we have written before, SQL injection is the most pernicious vulnerability in human computer history. From 2005 through today, SQL injection has been responsible for 83% of successful hacking-related data breaches. Using data from Privacyrights.org, we checked the data breaches from 2005 to today. There were 312,437,487 data records lost due to hacking, with about 262 million records coming from various breaches including TJMax, RockYou and Heartland, all of which were SQL injection attacks.
We found that, since July, the observed Web applications suffered an average of 71 SQLi attempts per hour. Specific applications were occasionally under aggressive attack and, at their peak, were attacked 800-1300 times per hour.
We also found:
- Attackers increasingly bypass simple defenses. Hackers are using new SQLi attack variants that evade simple signature-based defense mechanisms.
- Hackers use readily available automated hacking tools. While the attack techniques are constantly evolving, carrying out the attack does not necessarily require any particular hacking knowledge. Common attack tools include Sqlmap and Havij.
- Attackers use compromised machines to disguise their identity as well as increase their attack power via automation. To automate the process of attack, attackers use a distributed network of compromised hosts. These “zombies” are used in an interchangeable manner in order to defeat black-listing defense mechanisms.
- About 41% of all SQLi attacks originated from just 10 hosts. Again, we see a pattern where a small number of sources are responsible for a majority of attacks.
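As an added example (not from the report or from Imperva's own code) of the defender-side aggregation behind findings like these, the Python below flags SQLi-looking requests in a few constructed access-log lines, normalizing away percent-encoding, letter case and inline comments first so that simple signatures are harder to evade, then counts attempts per hour and per source and computes the share coming from the busiest sources. The log format, the indicator regex and the IP addresses are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not data from the report).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2011:10:01:12 +0000] "GET /item?id=12 HTTP/1.1" 200 512
10.0.0.5 - - [01/Aug/2011:10:01:15 +0000] "GET /item?id=12%27%20OR%201%3D1-- HTTP/1.1" 200 8192
10.0.0.5 - - [01/Aug/2011:10:02:01 +0000] "GET /item?id=12%27%20UNION%20SELECT%20null HTTP/1.1" 500 128
10.0.0.9 - - [01/Aug/2011:10:03:44 +0000] "GET /search?q=shoes HTTP/1.1" 200 1024
10.0.0.9 - - [01/Aug/2011:11:03:44 +0000] "GET /search?q=%27%20or%20sleep(5)-- HTTP/1.1" 200 1024
10.0.0.7 - - [01/Aug/2011:11:10:00 +0000] "GET /item?id=1%20AND%201%3D1 HTTP/1.1" 200 512
"""

# Combined-format access log: client IP, timestamp (kept to the hour), request path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d+/\w+/\d+:\d+)[^\]]*\] "(?:GET|POST) (\S+)')

# Deliberately simple indicators; they are matched against the normalized query so
# that percent-encoding, mixed case and inline comments do not hide them.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|\b(?:or|and)\b\s*[\d']+\s*=\s*[\d']+|\bsleep\s*\(|--\s*$"
)

def normalize(query: str) -> str:
    """Percent-decode, strip /* */ comments, collapse whitespace, lowercase."""
    decoded = re.sub(r"/\*.*?\*/", " ", unquote_plus(query))
    return re.sub(r"\s+", " ", decoded).strip().lower()

def is_sqli(query: str) -> bool:
    return bool(SQLI_RE.search(normalize(query)))

def summarize(log_text: str):
    """Count flagged requests per hour and per source IP."""
    per_hour, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, hour, path = m.groups()
        query = path.partition("?")[2]
        if query and is_sqli(query):
            per_hour[hour] += 1
            per_source[ip] += 1
    return per_hour, per_source

def top_source_share(per_source: Counter, n: int) -> float:
    """Fraction of flagged attempts that came from the n busiest sources."""
    total = sum(per_source.values())
    return sum(c for _, c in per_source.most_common(n)) / total if total else 0.0
```

On real traffic the per-hour counts are what you compare against a baseline such as the 71 attempts per hour above, and the top-N share is what tells you whether blocking a handful of sources would matter or whether the attacker is rotating through many compromised hosts.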