Tuesday, 6 January 2015

IBM: Most stores In US Attacked via Command Injection

Most stores in the United States that it was the last year the target of an attack were attacked through command and SQL injection, according to a study ( pdf ) from IBM. According to the company halved the number of attacks against American chains, but there were or 61 million records stolen. Every day some 3,000 attacks would be observed, although IBM does not let you know where exactly consist. However, there was an increase in the number of attacks on cash-malware, which criminals infect the systems used by stores to checkout.

Despite several major incidents involving cash-malware played a leading role involved in most incidents in the retail sector command and SQL injection. In command injection are vulnerable applications through commands on the underlying server. SQL injection allows an attacker to execute SQL commands, making it possible for example to read sensitive data from the database.

"The complexity of SQL implementations and the lack of data validation by managers shall ensure that databases are a major target," said the researchers from IBM. Thus, command injection attacks against at nearly 6,000 stores observed. Whilst also brute force attacks and Shellshock leak used by attackers.

No comments:

Post a Comment