Since hackers first started to leverage vulnerabilities in websites, there have been notable attacks on large and important corporations. Some of these attacks were against the company itself, while others were aimed at obtaining vital user information. Here are five notable SQL injection attacks that have occurred over the last five years and the consequences of these website invasions.
In 2008, many IT specialists saw a notable increase in SQL injection attacks. In fact, that year was often proclaimed to be “The year of SQL” by many specialists in the field. One notable attack was against a UK-based website called Autoweb. Over 500,000 web pages and the company’s database were infected. Their ranking in Google and their web visitors dropped significantly as a result of the attack, and it took months for the organization to repair all of the damage that one attack caused.
The Sony PlayStation website has suffered not one, but two notable attacks within three years. The first one occurred in 2008. During this SQL attack, pop-up ads appeared on certain web pages advertising a virus removal program. Not only did the software not work, it was malicious.
Sony’s website was attacked again a few years later. That time, important user information, including banking information, was collected during the attack. The system was down for months and Sony had to offer free games to subscribers in an attempt to placate angry customers and encourage them to continue to use the PlayStation website.
This popular magazine had issues with its website when it was the victim of an SQL injection attack. When users accessed a page that listed MBA accreditations, the injected code allowed a Russian website to infiltrate the viewer’s computer. The extent of the damage wasn’t determined by the time the code was discovered and removed.
Asprox SQL Injection
This is a specific type of SQL injection that has been popular over the last five years and has been the culprit behind many penetrated websites. This code exploits a vulnerability found in ASP web pages. It infiltrates the database on a website, and if it isn’t discovered and removed properly, it can re-infect the site if the hacker refreshes the code. If a site becomes a victim of this type of attack, the user input data also needs to be cleaned to prevent reinfection and ensure complete removal of the code.
Lizamoon is another specific SQL injection. This code redirects a user’s browser to a fake security site. This site has an embedded Trojan horse that will activate if the user downloads the program onto their system. While this injection requires user interaction in order to fulfill its purpose, the fact that it is disguised as a security site lulls many users into compliance. This SQL injection reinforces the concept that consumer users need to be educated in order to protect their computers and the websites they visit.
These five notable SQL injection attacks are just a few examples of a prevalent problem. Hackers aren’t going to go away and are only going to improve in skill and sophistication. Website owners need to be vigilant regarding potential vulnerabilities in their sites and how they can be exploited by those with malicious intent.