Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.
Xtreme School

FREE EBOOK

Valid Email Required to receive free eBook

Check here if you're human

Security Tips

Browse by Month

Browse by Category

Targeted Injection Attacks on the Rise

0
Published: Feb 09, 2010
Tags:

Robert Siciliano Identity Theft Expert

In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is abbreviation of Structured Query Language. Pronounced  ”Ess Que El” or ”Sequel”. The attackers shift in strategy focused on targeting high-profile websites, concluded Websense’s State of Internet Security report for the third and fourth quarter of 2009.

SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data. The attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component.

Matt Chambers with Corporate IT Solutions says, “Web applications are one of the most outward facing components a corporation contains in its network design, and one of the least protected. Applications typically take input information and send it to a database for storage and processing. We interact with these kinds of applications every day, whether it’s a signup form or a login page for a favorite networking site.”

Patrik Runald, senior manager of security research at Websense, told SCMagazineUS.com “The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into.”

The report says attackers increasingly launched targeted attacks, which often start with an email containing a malicious link. During the second half of 2009, 81 per cent of email contained a malicious link, the report states.

When an employee receives a spear phish, based on information gathered from the companie’s website, and that employee clicks that link, the link may download a program that disables the companies anti-virus and defeats all security measures. This is why one must never click links in the body of an email. There are hardly ever links in emails that can’t be worked around either in the favorite menus or via manually typing in the browser.

1.      NEVER click links in email. It’s shear laziness, naiveté or stupidity when someone clicks links in the body of an email today.

2.      Get yourself and ethical hacker to test your network and see what damage he can do before the bad guy does.

3.      Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

4.      Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

5.      Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • Criminal Hackers Create 3 Million Fraudulent Websites Annually
    A recent study shows that organized criminals create approximately 8,000 malicious websites every day, or over 57,000 each week. These malicious websites model legitimate websites that we visit every day, such as bank websites, online shopping sites, and eBay. According to this study, the most frequently impersonated companies include Visa, Amazon.com, PayPal, HSBC, and the United States
  • Be careful Your PC Isn’t Held for Ransom
    Computerworld reported that a hacker threatened to expose health data and demanded $10 million from a government agency. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions
  • 15 Social Media Security Tips
    1. Realize that you can become a victim at any time. Not a day goes by when we don’t hear about a new hack. With 55,000 new pieces of malware a day, security never sleeps. 2. Think before you post. Status updates, photos, and comments can reveal more about you than you intended to disclose. You
  • email Addresses Hacked via a Botnet or Phished?
    Robert Siciliano Identity Theft Expert Recently Microsoft, Yahoo, Google, Comcast and Earthlink announced thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. One report suggests the emails phished could be up to a million victims. Researchers parsed the hacked passwords and broke them down into categories based on
  • Google Gets Hacked & What It Means to You
    Robert Siciliano Identity Theft Expert Google disclosed that it had been breached by Chinese hackers, who were apparently targeting Chinese dissidents: “The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China

Leave a Comment