[Dataloss] SQL injection attacks and malware led to most data breaches

From: security curmudgeon (jerichoattrition.org)
Date: Thu Feb 11 2010 - 13:44:33 CST


http://blogs.zdnet.com/security/?p=5421

SQL injection attacks and malware led to most data breaches
Posted by Dancho Danchev 5:27 pm

With millions of personal records and payment card information stolen on a
regular basis, several recently released reports independently confirm
some of the main sources of breaches. Not surprisingly, that's not zero
day flaws, not even insiders, but good old fashioned SQL injections next
to malware infections.

With companies investing more resources into ensuring their networks and
employees are protected against the very latest threats, some are clearly
overlooking the most basic threats, usually requiring simple or average
attack sophistication on behalf of the cybercriminal.

Let's review the reports detailing the true impact of SQL injections and
malware in the context of data breaches.

- UK Security Breach Investigations Report - An Analysis of Data
Compromise Cases - 2010

7Safe's recently released Breach Report for 2010, states that based on the
analysis performed by their forensic investigations, 40% of all the
attacks relied on SQL injections, with another 20%, a combination of SQL
injection attacks and malware. Not only was the source of the attack
external in 80% of the cases, but also, a weakness in a web interface was
exploited in 86% of the cases, with the majority of affected companies
operating in a shared hosting environment.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/