BreachExchange mailing list archives
SQL injection attacks and malware led to most data breaches
From: security curmudgeon <jericho () attrition org>
Date: Thu, 11 Feb 2010 19:44:33 +0000 (UTC)
http://blogs.zdnet.com/security/?p=5421 SQL injection attacks and malware led to most data breaches Posted by Dancho Danchev @ 5:27 pm With millions of personal records and payment card information stolen on a regular basis, several recently released reports independently confirm some of the main sources of breaches. Not surprisingly, that.s not zero day flaws, not even insiders, but good old fashioned SQL injections next to malware infections. With companies investing more resources into ensuring their networks and employees are protected against the very latest threats, some are clearly overlooking the most basic threats, usually requiring simple or average attack sophistication on behalf of the cybercriminal. Let.s review the reports detailing the true impact of SQL injections and malware in the context of data breaches. - UK Security Breach Investigations Report - An Analysis of Data Compromise Cases - 2010 7Safe.s recently released Breach Report for 2010, states that based on the analysis performed by their forensic investigations, 40% of all the attacks relied on SQL injections, with another 20%, a combination of SQL injection attacks and malware. Not only was the source of the attack external in 80% of the cases, but also, a weakness in a web interface was exploited in 86% of the cases, with the majority of affected companies operating in a shared hosting environment. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- SQL injection attacks and malware led to most data breaches security curmudgeon (Feb 11)