The company has reported that its data centres located across Europe and the US registered more than 469,000 SQL injection attacks between April and June 2012. The volume of these attacks in the first quarter of 2012 stood at just over 277,000.
If you are not familiar with the security jargon, SQL injection is a method of attack in which the attacker uses specially crafted input to fool a website, injecting database commands in such a way that the web application sends them directly to the underlying database. Through this attack vector, attackers can extract valuable information such as passwords, usernames, emails, etc.
Chris Hinkley, a Senior Security Engineer at FireHost, said, “Many, many sites have lost customer data in this way.”
“SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk,” he added.
Because of the risk to customer data, SQL injection is a dangerous form of attack, and mitigating it should be of primary importance to companies that have their customer data hosted on the web. Failure to do so may result in information disclosure, as in the cases of LinkedIn, Gamigo, etc.
Some of the other attacks that FireHost has included in its report are directory traversal, cross-site scripting and cross-site request forgery (CSRF).