SQL Injection Most Common Vector for Data Breaches in First Half of 2013: IBM

New research from IBM’s X-Force team names SQL injection as the most commonly traveled pathway to a successful breach during the first half of 2013.

According to IBM, 26 percent of the hundreds of breaches it examined this year were linked to SQL injection.

“Based on the incidents we have covered, SQL Injection (SQLi) remains the most common breach paradigm,” according to the X-Force 2013 Mid-Year Trend and Risk report. “We have not been surprised by this as SQLi is the most direct way to gain access to records in the database. In terms of return on exploit, SQLi is an effective attack of opportunity, where automated scripts can scan wide ranges of potential targets that run common web application software with known SQLi vulnerabilities.”

Those vulnerabilities, however, represent only a portion of the threat landscape for enterprises. According to the report, IBM tracked more than 4,100 publicly reported new security vulnerabilities during the first half of the year. If this trend continues for the remainder of the year, the vulnerability count will be roughly the same as the 8,200 new vulnerabilities reported in 2012.

“Known vulnerabilities left unpatched in Web applications and server and endpoint software create opportunities for attacks to occur,” blogged Robert Freeman, manager of X-Force Research at IBM. “These unpatched applications and software continue to be facilitators of breaches year after year.”

According to Freeman, attackers continue to look towards exploiting trusted relationships via social networks as well.

“Criminals are selling accounts on social networking sites, some belonging to actual people whose credentials were compromised, others fabricated and designed to be credible through realistic profiles and a Web of connections,” he wrote. “As a minimum they function to inflate page ‘likes’ or falsify reviews; though more insidious uses include hiding one’s identity to conduct criminal activities – the online equivalent of a fake ID, but with testimonial friends, adding to the deception.”

Additionally, attackers use social networks to generate false interest around brands through likejacking, planting contrived product reviews or helping content go viral. For example, Facebook’s own page lost 125,000 likes after the company began a campaign to purge fake accounts. Twitter is impacted by this type of activity as well. Earlier this year, researchers at Barracuda Networks noted that the market for buying Twitter followers had grown increasingly competitive, with the price per thousand followers falling from $18 in 2012 to $11 this year.

Malicious links posted on social media accounts are one of the tactics attackers can use to lure victims to compromised sites as part of watering hole attacks.

“Attackers focusing on a central, strategic target like special interest Websites that are heavily frequented by a select group of potential targets are an effective and optimized means of exploitation,” explained Freeman. “These central targets may not always have strong security solutions and policies deployed, and even if they do, the cost of figuring out how to get through them is worth the opportunity to compromise the user-base.”

“These ‘watering hole’ attacks are a great example of how operational sophistication is being used to reach targets not previously susceptible. By compromising the central site and using it to serve malware, attackers are able to reach more technically savvy victims who may not be fooled in phishing attempts, but would not suspect that sites they trust could be malicious.”

IBM urged organizations to focus their vulnerability management efforts on minimizing the threat they face by reducing the potential attack surface.

“The attack surface is represented by those vulnerabilities that are most accessible to potential attackers,” the report notes. “The accessibility of vulnerability to attack is defined primarily by the context of the network in which it resides. To make vulnerability management more effective, techniques that incorporate network context into the process need to be applied.”
