Virtual Patching Takes the Pain out of Defending against SQL injection Attacks Like LizaMoon
LizaMoon isn’t particularly malicious or successful because of its bush league antics. The AV scan is too fast and clearly fake, and there are mis-spellings and lame graphics throughout the redirect process. Besides, it gives users at least four different opportunities to bail out before getting their PCs infected and getting hit up for money.
But LizaMoon has embarrassed a lot of reputable companies whose web servers spread the malware. What’s more, it makes you wonder: What happens when a more professional and targeted SQL injection comes down the wire? It’s a good question because there are criminal syndicates the world over who are learning from the likes of LizaMoon. Future SQL injection attacks won’t be as amateurish in their design or execution.
The good news is that even sophisticated SQL injection attacks can be thwarted by patching and deploying the right database security solution. However, the problem is that applying DBMS security patches can be painful—requiring extensive testing and downtime, and often resulting in business disruption.
In some cases, patching is darn near impossible because, in many enterprise environments today, databases are synonymous with the business itself. And the business has to be open on a 24 x 7 x 365-day basis. Equally daunting, most IT shops are running customized applications for which patches aren’t readily available. And, of course, there are many DBMS versions that are still providing value day in and day out but, like Oracle8i, they are no longer supported by the vendor.
Even in the best-case scenario, in which in-house developers and database or application vendors respond promptly with patches, it may be days or weeks before there is a block of time sufficient for applying patches without unduly disrupting business operations.
So, what’s a responsible IT security manager to do? Virtual patching. It’s an essential first line of defense against SQL injection attacks. And it protects against known and zero-day vulnerabilities until you can patch.
Virtual patching utilizes a real-time database monitoring component that continuously scans for unauthorized changes in databases and applications. Monitoring is based on generic virtual patching rules. So, for example, a rule that detects attempts to inject code into SQL Server would catch LizaMoon’s SQL query, even though it has been obfuscated.
It’s important to note that not all database monitoring solutions provide protection for general attacks. Also, solutions that rely on monitoring SQL traffic will typically miss encrypted, encoded or otherwise obfuscated attacks.
If LizaMoon has taught us anything, it’s that you have to look at security from all angles and protect your databases accordingly. Whether cybercriminals are dumb or brilliant, you have to defend against all of them. And that requires deploying smart, comprehensive solutions.