Back in late April, Wired magazine ran an article, "Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection," which described a global mini-crisis around SQL injection attacks that have hit the United Nations, UK Government sites, the U.S. Department of Homeland Security (DHS) and many others. The article offered tips and a few suggestions for addressing the problem.
In May, SANS and Shadowserver.com offered advice on the same topic along with a list of malicious sites.
Microsoft also offered detailed recommendations in late May to address the problem.
In Michigan, we have seen the number of these types of SQL attacks against our web applications skyrocket in the past month. Addressing the issues has required significant efforts by many parts of the Michigan Department of Information Technology (MDIT). I don't want to declare total success yet, but I do want to join others in the industry in sounding the alarm.
No, these attacks are not totally new. Back in January, Alan Paller from SANS told SC Magazine about similar attacks.
Without going into more details, I would like to suggest that all government IT departments and contractors need to take a close look at their situation and quickly remediate any vulnerabilities. There is help available from the US-CERT and others to determine if you have issues. You can also contact your state's Information Sharing Analysis Center (ISAC) for help. If you don't know how to contact them, you can also contact the Multi-State Information Sharing and Analysis Center (MS-ISAC).
Microsoft and HP just announced some free tools to help battle the attacks.
The attacks do appear to be getting more serious (if that is possible) and affecting more sites. IBM is saying that this is the "third wave" of SQL injection attacks, according to some sources.
If your IT organization has not addressed this issue properly, I highly recommend you look into whether you've been compromised.