Back To The Blog

SQL Injection Issues: Same Achilles Heel 15 Years Later

Uncategorized / April 22 , 2014

A Q&A with Michael Sabo of DB Networks
Every month there seems to be some major company that suffers a catastrophic breach of their network, and the investigation very often confirms that the bad guys exploited a SQL issue. Yet SQL injections have been the method of choice for hackers for more than a decade. To find out why networks are still vulnerable and what companies can be doing to better protect themselves from this risk exposure, I spoke to Michael Sabo, VP of marketing for DB Networks, which creates behavioral analysis technology solutions.

The SQL injection attacks the database, which is where the crown jewels of any company are stored.

Please explain in layperson terms why SQL exploits are the dominant means for hackers to breach corporate networks.
If I had to explain it in a very basic way, it would be this: Let’s say you get a traffic ticket and you are required to go to court. When you get there, there’s a computer terminal that asks you to type in your first and last name and you put Mark Greisiger, You Are Now Free to Go. When the judge calls your name, he will essentially be telling you that you can leave. That’s what a SQL injection does: it’s an instruction entered into a data field. The SQL injection attacks the database, which is where the crown jewels of any company are stored, whether it’s financial or personal information or intellectual property. Barclays estimates that 97 percent of all records breached involved SQL attacks somewhere along the chain. It’s like asking why rob a bank? Well, that’s where the money is.

SQL injection exploits have been happening for more than a decade. Why are we not able to stop them?
It feels like it would be simple to stop, but it’s a tough problem. Most companies don’t understand the threat or if they do they haven’t put the right measures in place. While a lot of work has been done to limit vulnerability these attacks are still happening every day and it’s actually escalating because now there are automated tools to conduct them. On average every website is supposedly subjected to 70 (not necessarily successful) attacks a day. One problem is that most people look to harden the site at the perimeter and assume they will be protected. It will certainly help but it won’t completely stop an attack. Most hackers can get through any perimeter device in a half hour. Namely this is because perimeter security is based on signature files and black lists. Hackers use utilities to hide the attack (called obfuscation) such that the perimeter security measures don’t recognize it as an attack.

What are some proactive loss control safeguards a company can deploy to mitigate this exposure?
With the proper monitoring you could see attacks immediately and stop them cold. You want a product that works inside the system. DB Networks, for example, offers the IDS-6300 to do that. It works at the core, in front of the database. By the time we see an attack it has penetrated the perimeter, but since we do behavioral analysis, which tracks the normal traffic in the application and database and uses that as a model, we can recognize when a SQL statement comes through and when it’s an attack. We also do continuous monitoring, and most companies have never done that before. For example, if companies like Target had a system like ours, it would have alarmed as soon as the first record was breached, but to this day they can’t describe exactly what happened and why they were unable to see the attack. Finally, our product keeps forensic records so you can tell what happened.

In summary…
Mr. Sabo summarizes many of the issues that create cyber risk as it pertains to breaches of PII triggered by an exploited SQL database. The SQL injection exploit is continuously listed as one of the top threats facing most web applications. Many organizations develop their own internal applications. However, due to limited budgets, they might not conduct the thorough testing needed to determine whether the new code is exploitable. The allure of SQL is that it converses with the database, so as businesses continue to build and rely on internal applications — including third party cloud-based systems — one can expect that this issue will not be going away.

See also our prior Junto interview on SQL injection issue with Brandon Williams.

Related Blog Posts

10 Cybersecurity Tools Every Small-Medium Business Should Have in Their Arsenal

What You Need to Protect Your Data

SMBs have unique cybersecurity risks that should be managed with appropriate tools. Here are the top tools and some mistakes to avoid when implementing them.

Continue Reading

8 Things Every Business Should Know About Cybersecurity

Top Tools and Tips for Cyber Risk Management

Cyber risk is always evolving but every business needs to understand the fundamental threats they face as well as the key tools for risk assessment and mitigation that can help them improve their cybersecurity posture.

Continue Reading

From Afghanistan to Ransomware

A Q&A with Melissa Ventrone of Clark HIll

As an attorney in the cybersecurity and privacy space, Melissa Ventrone draws on her military background to keep clients calm, manage complex logistics, and help them mount a successful incident response.

Continue Reading
Visit Our Blog

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download
Solutions
About
Contact

P.O. Box 204
Gladwyne, PA 19035
610.896.9715

© 2024 NetDiligence All Rights Reserved.