Malicious actors continue to deploy SQL injection (SQLi) attacks to carry out their cybercriminal activities. The Threat Research team at Akamai designed a technique to categorize these attacks by examining attack payloads and determining the intent behind each attack. They analyzed 8 million SQLi attacks over a seven-day study period from Akamai's Kona Site Defender web application firewall (WAF) and distilled the information, identifying the observed attacks and their goals, as well as pertinent attack stats from the study. This presentation offers a quick view of the results. Get more details in the full State of the Internet Security Report at http://bit.ly/1KfWTrG
Cruel SQL Injection | Web Application Attacks | Summary
Attackers change the logic of SQL statements executed against a database.
Although not new, SQL injection (SQLi) attacks continue to pose cloud security risks.
Attackers may use the original or more evolved SQLi exploitation methods.
Automated injection tools streamline and simplify the process.
2 / [The State of the Internet] / Security (Q1 2015)
= SQLi attack categorization
Akamai's Threat Research team developed a technique to categorize SQLi attacks.
This technique involved analyzing individual attack payloads and determining the intent behind each one.
The data included more than 8 million SQLi attacks targeting more than 2,000 unique web applications over a period of seven days.
= SQLi attack types
Malicious actors typically assess a web application for vulnerability to SQLi.
The database structure is probed so that the attacker can retrieve contents remotely.
The login mechanism is bypassed, allowing the attacker to escalate privileges.
A common, classic approach is to send the payload OR 1=1 as the user name, then attempt to escalate privileges by logging in with the user name admin or 1=1--.
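The login bypass described above works only when user input is concatenated into the SQL text. The sketch below is an added example, not code from the Akamai report: it runs the slide's payload against a concatenated query and a parameterized one in an in-memory SQLite database. The table, the function names and the single quote that closes the string literal in the payload are assumptions.

```python
import sqlite3

# The slide's payload; the single quote after "admin" is an assumption,
# since the slide text shows none.
PAYLOAD = "admin' or 1=1--"


def make_db():
    """Build a constructed in-memory user table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    # Plaintext passwords only keep the demo short; real systems store hashes.
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "admin"), ("alice", "alice-pw", "user")],
    )
    return db


def login_vulnerable(db, name, password):
    """Concatenates input into the statement, so input can change its logic."""
    sql = (
        "SELECT name, role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return db.execute(sql).fetchone()


def login_parameterized(db, name, password):
    """Placeholders keep input as data; it never becomes SQL syntax."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_vulnerable(db, PAYLOAD, "x"))
    print("parameterized:", login_parameterized(db, PAYLOAD, "x"))
    print("valid login  :", login_parameterized(db, "alice", "alice-pw"))
```

In the concatenated version the comment marker discards the password check and the always-true condition matches every row, so the first row (the admin account) comes back without a valid password.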
= SQLi attack types (continued)
Other SQLi attack types can include:
Credential theft
Data and file exfiltration
Denial of Service (DoS)
Data corruption
Malicious file upload
Website defacement and malicious content injection
Remote command execution
= SQLi probing and testing
The most common SQLi attack over the seven-day study period was SQLi probing and injection testing.
As a first step, malicious actors will assess all entry points of a web application in search of a vulnerability.
The attacker will send a wide range of characters with syntactic meaning in SQL, as well as blind-injection related Boolean sequences or timed queries.
These queries naturally result in large volumes of traffic.
Nearly 60 percent of HTTP transactions are attributable to these probing attempts.
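The three probe kinds this slide names (SQL syntax characters, Boolean sequences, timed queries) can be flagged in request logs with simple signatures. The sketch below is an added example, not Akamai's categorization technique; the patterns, function names and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic signatures, most specific first (assumed patterns, not WAF rules).
SIGNATURES = {
    "timed": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "boolean": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
    "syntax": re.compile(r"[';]|--|/\*"),
}


def classify_value(value):
    """Return the first matching probe kind for one parameter value, or None."""
    for kind, pattern in SIGNATURES.items():
        if pattern.search(value):
            return kind
    return None


def classify_request(url):
    """Return the sorted probe kinds found in the URL's decoded query parameters."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    kinds = {classify_value(value) for _, value in params}
    kinds.discard(None)
    return sorted(kinds)


def probe_share(urls):
    """Fraction of requests that carry at least one probe signature."""
    flagged = sum(1 for url in urls if classify_request(url))
    return flagged / len(urls) if urls else 0.0


# Constructed sample request lines, not data from the study.
SAMPLE_URLS = [
    "/item?id=42",
    "/item?id=42%27",
    "/item?id=42+AND+1%3D1",
    "/item?id=42+AND+SLEEP(5)",
    "/search?q=red+shoes&page=2",
    "/user?name=O%27Brien",  # legitimate value that still trips "syntax"
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, classify_request(url))
    print("probe share:", round(probe_share(SAMPLE_URLS), 2))
```

The last sample is a false positive: a single syntax-character hit is weak evidence, so alerting is better keyed to the volume and variety of hits per source than to any one request.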
= summary
Malicious actors use a variety of SQLi techniques to perform different tasks.
These attacks can extend well beyond simple data exfiltration, and have the potential to cause more damage than a data breach.
It is not safe to assume that SQLi attacks lead only to data theft.
Privilege escalation, command execution, data infection or corruption, and denial of service are among the many ways these attacks can harm your business.
= Q1 2015 State of the Internet Security Report
Download the Q1 2015 State of the Internet Security Report.
The Q1 2015 report covers:
Analysis of DDoS and web application attack trends
Bandwidth (Gbps) and volume (Mpps) statistics
Year-over-year and quarter-by-quarter analysis
Attack frequency, size, types and sources
Security implications of the transition to IPv6
Mitigating the risk of website defacement and domain hijacking
DDoS techniques that maximize bandwidth, including booter/stresser sites
Analysis of SQL injection attacks as a persistent and emerging threat
= about stateoftheinternet.com
StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats.
Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations, and other resources designed to put context around the ever-changing Internet landscape.