Very little in life grabs our attention like a shiny new object. The gleam can be irresistible, the glitter mesmerizing. That’s how it is in cybersecurity, where the landscape is almost always dotted with alluringly novel hazards. Brand new threats, fresh twists on old threats — the shiny malicious objects just keep on coming, year in and year out. 2017 brought us threats such as the EternalBlue exploit, WannaCry and NotPetya, all with very high impact and warranting immediate remediation.
Behind the attention grabbers, however, lurked a less newsworthy but much more widespread and persistent threat, ranking, once again, as the top mechanism of attack targeting many organizations in every sector: injection attacks.
A Top Threat to Organizational Networks
The facts are clear. According to IBM X-Force analysis of IBM Managed Security Services (MSS) data, injection attacks are the most frequently employed mechanism of attack against organizational networks. In fact, for the period assessed (January 2016 through June 2017), injection attacks made up nearly half — 47 percent — of all attacks. The most common types were operating system command injection (OS CMDi) and SQL injection (SQLi).
Figure 1: Injection attacks versus all attacks (Source: IBM Managed Security Services data).
Attackers take advantage of injection vulnerabilities in operating systems and applications to penetrate critical web servers and access back-end databases. From using malicious webshells to planting cryptocurrency mining tools or malicious PHP scripts, there are many ways in which cybercriminals can use injection attacks to reach their end goal.
Fortunately, addressing injection attacks doesn’t necessarily require heavy lifting. Implementing a few basic security measures can help mitigate the threat in your environment.
Most Prominent Injection Attack Types
While several types of injection attack patterns fall under the MITRE Corporation’s Common Attack Pattern Enumeration and Classification (CAPEC) category 152, the following patterns were the most prominent vectors targeting clients monitored by IBM X-Force. Interestingly, some of the most prevalent activity involved the exploitation of vulnerabilities that were two or more years old.
Figure 2: Most prominent injection attacks (Source: IBM Managed Security Services data).
Ejecting Injection Attacks From Your Environment
The root cause of many high-profile breaches often involves the exploitation of weaknesses that could have been remediated or addressed, such as password reuse, server misconfiguration and unpatched vulnerabilities. The same can be said for many successful injection attacks.
For more information about injection attacks and recommendations on how to mitigate them, read the IBM X-Force Research report, “What You Need to Know About Injection Attacks.”