430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Ponemon study – SQL Injection attacks too dangerous for organizations

A new study conducted by the Ponemon Institute reveals the impact of successfully SQL injection attacks on organizations during the last year. The Ponemon Institute published a new study titled “The SQL Injection Threat Study“ to understand the reply of organizations to the SQL injection threat. The study is sponsored by DB Networks, its Chairman and CEO Brett Helm used the following […]

Ponemon study – SQL Injection attacks too dangerous for organizations

A new study conducted by the Ponemon Institute reveals the impact of successfully SQL injection attacks on organizations during the last year.

The Ponemon Institute published a new study titled “The SQL Injection Threat Study“ to understand the reply of organizations to the SQL injection threat.

The study is sponsored by DB Networks, its Chairman and CEO Brett Helm used the following words to describe the inpact of the SQL injection attacks:

“It’s well known that SQL injection attacks are rampant and have proven to be devastating to organization of all sizes. This study delves into both the scope and many of the root causes of SQL injection breaches,“

The analysis reveals that 65% of organizations suffered successfully SQL injection attacks in the last twelve months which were able to evade victims’ defenses.

“We believe this is the first study to survey the risks and remedies regarding SQL injection attacks, and the results are very revealing,“ “It is commonly accepted that organizations believe they struggle with SQL injection vulnerabilities, and almost half of the respondents said the SQL injection threat facing their organization is very significant, but this study examines much deeper issues.” commented Dr. Larry Ponemon. 

The worrying news is that despite about one-third of believe that their organization has the necessary technology to detect and mitigate the cyber threats, the success rate of SQL injection attacks is too high.

The SQL Injection attacks Threat Study

The SQL Injection attacks Threat Study 2

According the Ponemon The SQL Injection Threat Study, 52% of respondents reported to have adopted third-party software to detect the attack but that they haven’t tested it.

49 percent of the respondents revealed that the SQL injection threat represents a serious problem for their company, SQL injection is considered one of the primary caused of data breach.

Cybercrime is adopting techniques even more sophisticated but too many organizations are not aware of principal attack patterns and this consideration makes them more exposed to the cyber attacks.

“Less than half of respondents (46 percent) are familiar with the term Web Application Firewalls (WAF) bypass. Only 39 percent of respondents are very familiar or familiar with the techniques cyber criminal use to get around WAF perimeter security devices.” states the report.

The impact of SQL injection attacks on the organization is very serious, the threat is very insidious and it is hard to detect, breaches required in fact an average of nearly 140 days to discover with an additional 68 days on average needed to remediate.

Reportes highlights are:

  • 65% of respondents had experienced SQL injection attacks that successfully evaded their perimeter defenses in the past 12 months
  • SQL injection breaches required an average of nearly 140 days to discover with an additional 68 days on average needed to remediates
  • Nearly half of respondents (46%) were familiar with the term “WAF Bypass”
  • 88% of respondents had a favorable or very favorable opinion of the use of behavioral analysis technology for detecting SQL injection attacks
  • 44% utilize professional penetration testers to identify vulnerabilities in their IT systems; but only a third (35%) of those penetration tests were allowed to actually test for SQL injection vulnerabilities

Pierluigi Paganini

(Security Affairs –  Ponemon Institute, SQL injection)