Hackers Target SQL Injection
Written by Kay Ewbank   
Friday, 02 November 2012

An analysis of hacker forums has found that SQL injection is currently the most discussed topic among forum members.

The analysis, by security company Imperva, looked at conversations on one of the largest hacker forums with around 250,00, together with other smaller forums, and identified topics using specific keywords.

Having inspected a sample of 439,587 threads between September 2011 and September 2012, the researchers found that SQL injection is now tied with DDoS as the most discussed topic. Both topics got 19 percent of discussion by volume.

Other findings in the analysis are that social networks are a major source of information, pictures, and potential monetary gain for hackers. Facebook was the most discussed social media platform, commanding 39 percent of discussions with Twitter a close second at 37 percent.

Imperva points out that the popularity of SQL injection as a topic and as the preeminent method of attack means that security teams continue to ignore SQL injection attacks at their own risk. The researchers point out that, ironically, this year’s Gartner report, Worldwide Spending on Security by Technology Segment, Country and Region, 2010-2016, shows that of the $25 billion spent on software security, less than 5 percent is allocated to products for protecting the data center. What’s more, Imperva believes that even those products can’t recognize SQL injection attacks, much less stop them.

The full report on the analysis makes fascinating reading. 28 percent of conversations relate to training, with help for aspiring hackers wanting to learn both technical and non-technical aspects of how to hack. There are sub-forums for “Beginner Hacking” where trainee hackers can ask questions, learn about tools and methods, and publish their first successes in the cyber world. The researchers say that posting a good tutorial showing how to perform some aspect of hacking “can gain its author reputation in the community, and can lead to job offers, collaborations, and invitations to deeper, invitation-only forums. Taken together, about a third of the conversations are dedicated to hacker training and education, which make them the main topic of the forum.” This must mean hackers receive more training and support than most IT departments!

The researchers also point out that forums evolve to fit changes of interest in technologies and trends, citing examples such as a new forum titled “Decompiling, Reverse Engineering, Disassembly, and Debugging” that may reflect growing professionalism and interest in higher level coding.

More Information

Monitoring Hacker Forums (Imperva, pdf)

Related Articles

PlaceRaider - Your Phone Can Steal A 3D Model Of Your Location

Frankenstein - Stitching Code Bodies Together To Hide Malware

A Short History of Hacking

Cyber Attacks and Holidays

Security by obscurity - a new theory

 


Last Updated ( Friday, 02 November 2012 )