SQL injections have increased by 69 percent since Q1 2012, web host FireHost says in a report released on Tuesday.
FireHost says that SQL injection is an attack vector of choice for data thieves and has been associated with many high-profile data breaches, including as the suspected method behind the recent Yahoo! and LinkedIn breaches.
The report is a follow-up to FireHost’s Q1 2012 research released in April 2012.
Between April and June 2012, FireHost protected its customers across 33 countries from a total of 17 million cyber attacks.
The data FireHost collects from protecting customers is compiled into a quarterly report. This is a relatively easy way for a web host, which presumably is already collecting this data, to share and create content for inbound marketing.
FireHost says more than two million of the attacks fit into what it calls the “Superfecta.” The Superfecta is a group of four serious attack types considered to be the most dangerous. They include cross-site scripting, directory traversals, SQL injections and cross-site request forgery.
“SQL injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk,” Chris Hinkley, CISSP, a senior security engineer at FireHost, said in a statement. “These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see.”
83 percent of the attacks FireHost blocked during Q2 2012 originated in the US, while 8 percent came from Southern Asia. Europe came in third with 6 percent.
“Some of the data theft incidents that are reported in the media are precisely targeted, but a more substantial risk to most comes from an abundance of automated, malicious bots that attack websites in a more random fashion,” Todd Gleason, director of technology at FireHost, said in a statement. “Businesses should take readily available and basic steps to block any kind of unwanted traffic from accessing their sites. Mitigating denial of service attacks and ensuring web applications are secure can go a long way toward fighting off these random attacks.”