Illusive Blog January 12, 2016

Raise Your Code Injection Vulnerability Prevention Measures

By The Illusive Networks team

injection_vulnerabilityBusinesses are targeted by hackers so often that the FBI now ranks cyber crime as one of their primary law enforcement activities. Major attacks on companies in the United States have affected hundreds of millions of customers and cost businesses millions of dollars in fines, lost revenue and lawsuits, while causing potentially irreparable damage to their reputations.

 Tweet: A comprehensive strategy for defending yourself against an #InjectionVulnerability must include the following >> you have cracks in your network, cyber attackers will take advantage—it’s just a matter of time. Code injections and malware are two of the most common ways that attackers initially penetrate networks  – and companies must be prepared to defend themselves against injection vulnerabilities.

Injection Vulnerabilities Can Slip Through the Smallest Cracks

Every time an application sends untrusted data to an interpreter, an injection vulnerability can be exploited by an attacker. Injection attacks most frequently target SQL, XPath, LDAP and program arguments, where a cyber attacker can exploit a flaw in the code to illegally access data.

SQL injections—breaches of database information through a Web application—are very common. In this type of injection vulnerability, a cyber attacker enters a rogue SQL fragment into a field on your website. The statement then attempts to manipulate content on a database that it is not authorized to access.

Analysts estimate that more than 20% of database-connected applications contain at least one SQL injection vulnerability. If an SQL injection attack gains control of the server where the database is stored, attackers can compromise user credentials and dig even deeper into your network.

Tweet: A comprehensive strategy for defending yourself against an #InjectionVulnerability must include the following >> strategy for defending yourself against an injection vulnerability should include:

  • Continuous monitoring

  • Strict enforcement of password policies

  • Regular updates and patches

  • Secure coding and development practices

  • Perimeter security appliances—firewalls, web filtering, IPS, IDS, advanced malware detection and more

  • Disabling of unnecessary database functions

Implementing a strategy with these points in mind helps fill one of the most common cracks in cyber defenses. However, there are a vast array of potential malware attacks that cyber attackers can launch to gain a foothold in your network.


Malware Can Make the Cracks Look Huge

Your employees play a major role in cyber security – since all it takes is one set of user credentials for attackers to carry out a data breach. Cyber attackers can compromise users with social engineering campaigns, deliver malware and wreak havoc in your network for months before being detected.

Malware has been responsible for many of the recent data breaches at major U.S. companies. In the summer of 2013, over 350,000 customers of Neiman Marcus had their credit card information stolen, and since then hackers have fraudulently used more than 9,000 of the cards. Customer information in more than 60 UPS locations was compromised by Backoff malware.

About 56 million Home Depot shoppers had their credit card information stolen by cyber criminals using malware, and SuperValu has been attacked twice, losing customer data and payment card information. There may not be any blatant holes in your security systems, but cyber criminals can customize malware to exploit your weaknesses.

There are several effective strategies for protecting a system against a malware infection:

  • Install and regularly update strong security software such as anti-virus, anti-spyware, anti-spam, firewall, and backup technologies.

  • Train employees to beware of phishing schemes. Be sure e-mail programs don’t automatically open attachments, and never open unsolicited e-mails or unexpected attachments.

  • Enable automatic Windows updates or download them regularly to be sure your system stays protected against vulnerabilities. Up-to-date patches and a firewall are the best defenses against malware and spyware.

  • Be extremely careful when sharing files through peer-to-peer (P2P) connections, which are notorious for harboring Trojans waiting to be downloaded.

  • Install security solutions for cell phones, PDAs, and Wi-Fi devices to protect them against Trojans arriving in e-mails, downloaded from the Internet, or uploaded from a desktop.

Cyber attackers are crafty and injection attacks and customized malware are just two of the more common ways that they can slip through the cracks in your network security systems.

Even though different strategies for filling in these cracks were discussed above, a proactive Deceptions Everywhere® approach to security can safeguard your data in ways that traditional methods can’t.


Recommended Reading For You: