SQL injections are on the rise, with the number of attacks blocked by cloud vendor FireHost rising by over two-thirds during the quarter.
The report by FireHost revealed that during the period of April to June this year, the company fought off 17 million cyber attacks aimed at its customers. More than 2 million of these attacks were categorised as the most serious kinds of attack: Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF).
Although SQL injections only made up 21% of these most dangerous and serious attacks, FireHost says the figure is still significant. The number of blocked SQL injection attacks went up from 277,770 during the first quarter to 469,983 during the second.
"Many, many sites have lost customer data in this way," said Chris Hinkley, senior security engineer at FireHost. "SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk."
Some recent high profile victims of SQL injection attacks are thought to include LinkedIn, Yahoo and eHarmony.
Todd Gleason, director of technology at FireHost, added that while those headline-grabbing attacks were likely to have been highly targeted, it is the random, automated bots that pose the most danger to businesses.
"Some of the data theft incidents that are reported in the media are precisely targeted, but a more substantial risk to most comes from an abundance of automated, malicious bots that attack websites in a more random fashion," he said.
"Businesses should take readily available and basic steps to block any kind of unwanted traffic from accessing their sites. Mitigating Denial of Service attacks and ensuring web applications are secure can go a long way toward fighting off these random attacks," Gleason added.