Hacking away at IT security

In an article for SCmagazine, Darryl Gordon of Breach Security offers his view of how hacking has evolved in the IT security field. Gordon says, “SQL injection remains the number one attack vector, accounting for nearly one-fifth of all data breaches according to [a Breach Security] 2009 Web Hacking Incident Database (WHID) report for the first half of 2009.” These attacks target the data in back-end databases, altering it with scripts that let hackers obtain personal and financial information. Gordon says that e-commerce websites that use back-end databases are a target and that hackers use SQL injection to steal, hold or destroy customer data.

Hacking of social networking sites is growing tremendously. “In previous years, these types of attacks barely registered, but we have seen that in the first half of 2009, social networking sites are the fastest growing target base for the bad guys and rank just below SQL attacks,” said Gordon. He believes that this trend will continue because hackers go where the users are in order to get financial data. Because social networking sites do not have strong security safeguards to protect their users from attacks, they are an even more appealing target. Gordon says that it is important to have your web application security in order and that it is easy for someone to exploit a web application vulnerability to plant malware and infect clients visiting the site.


A new report by Websense indicates a 671 percent growth in the number of malicious sites in the past year. Seventy-seven percent of websites containing malicious code are compromised legitimate websites. Thirty-seven percent of malicious attacks include data-stealing code, and in the first half of 2009, 57 percent of data-stealing attacks were on the Web. According to Websense Chief Technology Officer Dan Hubbard, “The last six months have shown that malicious hackers and fraudsters go where the people are on the Web—and have heightened their attacks on popular Web 2.0 sites and continued to compromise established, trusted Web sites in the hope of infecting unsuspecting users.”
