Subscribe
  • Home
  • /
  • Malware
  • /
  • Increased hacker interest in SQL injection attacks

Increased hacker interest in SQL injection attacks

Imperva's second annual hacker forum analysis detects black market for social network fraud.

Issued by Imperva
Redwood Shores, California, 29 Oct 2012

Imperva (NYSE: IMPV), a pioneer and leader of a new category of business security solutions for critical application and high-value data in the data centre, today released its October Hacker Intelligence Initiative report: "Monitoring Hacker Forums", its second annual analysis of a large hacker forum, containing roughly 250 000 members. Imperva has detected a black market for social network fraud. In addition, about one-third of discussions in the hacker forum focused on training and tutorials for data theft techniques such as SQL injection, but industry analysts estimate less than 5% of IT budgets include products to mitigate attacks in the data centre.

"By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts," said Amichai Shulman, CTO, Imperva. "If organisations neglect SQL injection security, we believe that hackers will place more focus on those attacks."

Highlights from the report include:

* DDOS and SQL injection are the most popular attack methods: DDOS and SQL injection remain the most popularly discussed hacking topics. According to the analysis, DDOS (19%) and SQL injection (19%) were the most frequently discussed attack methods. However, Gartner's Forecast: Security Infrastructure Worldwide, 2010-2016, 2Q12 Update shows $25 billion was spent on security software and network equipment in 2011, and we believe less than 5% of security budgets is allocated to products that mitigate SQL injection attacks.

* Market for social network endorsements are on the rise: In a keyword search relating to social networks, Imperva found that Facebook (39%) and Twitter (37%) were the most frequently discussed social networks. In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.

* Hacker education comprises a third of all forum conversations: Of the total conversations analyzed, roughly 28% were related to beginner hacking and hacker training, while another 5% related to hacking tutorials. Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes.

To download the full report, please visit: http://www.imperva.com/download.asp?id=81.

Get up-to-date security insights on the Imperva Data Security blog.

Share

Imperva

Imperva is a pioneer and leader of a new category of business security solutions for critical applications and high-value data in the data centre. Imperva's award-winning solutions protect against data theft, insider abuse, and fraud while streamlining regulatory compliance by monitoring and controlling data usage and business transactions across the data centre, from storage in a database or on a file server to consumption through applications. With over 1 900 end-user customers in more than 60 countries and thousands of organisations protected through cloud-based deployments, securing your business with Imperva puts you in the company of the world's leading organisations. For more information, visit www.imperva.com, follow us on Twitter or visit our blog. We're hiring! Help us protect the world's data: http://www.imperva.com/go/jobs.

Forward-looking statements

This news release contains forward-looking statements, including without limitation those regarding Imperva's expectation of receipt of certification under the Common Criteria for Information Technology Evaluation Framework in 2012. These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. You should consider important risk factors, which include: the risk that our products do not achieve certification under the Common Criteria for Information Technology Evaluation Framework; and other risks detailed under the caption "Risk Factors" in Imperva's filings on the SEC's Web site at http://www.sec.gov/. We undertake no obligation to update any of the forward-looking statements contained herein after the date of this release, whether as a result of new information, future events or otherwise.

(c) 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc.

Editorial contacts

Clinton Karr
Imperva
(415) 432-2441
Clinton.Karr@lewispulse.com