Very little in life grabs our attention like a shiny new object. The gleam can be irresistible, the glitter mesmerizing. That’s how it is in cybersecurity, where the landscape is almost always dotted with alluringly novel hazards. Brand new threats, fresh twists on old threats — the shiny malicious objects just keep on coming, year in and year out. 2017 brought us threats such as the EternalBlue exploit, WannaCry and NotPetya, all with very high impact and warranting immediate remediation.

Behind the attention grabbers, however, lurked a less newsworthy but much more widespread and persistent threat, ranking, once again, as the top mechanism of attack targeting many organizations in every sector: injection attacks.

Read the research report: What you need to know about injection attacks

A Top Threat to Organizational Networks

The facts are clear. According to IBM X-Force analysis of IBM Managed Security Services (MSS) data, injection attacks are the most frequently employed mechanism of attack against organizational networks. In fact, for the period assessed (January 2016 through June 2017), injection attacks made up nearly half — 47 percent — of all attacks. The most common types were operating system command injection (OS CMDi) and SQL injection (SQLi).


Figure 1: Injection attacks versus all attacks (Source: IBM Managed Security Services data).

Attackers take advantage of injection vulnerabilities in operating systems and applications to penetrate critical web servers and access back-end databases. From using malicious webshells to planting cryptocurrency mining tools or malicious PHP scripts, there are many ways in which cybercriminals can use injection attacks to reach their end goal.

Fortunately, addressing injection attacks doesn’t necessarily require heavy lifting. Implementing a few basic security measures can help mitigate the threat in your environment.

Most Prominent Injection Attack Types

While several types of injection attack patterns fall under the MITRE Corporation’s Common Attack Pattern Enumeration and Classification (CAPEC) category 152, the following patterns were the most prominent vectors targeting clients monitored by IBM X-Force. Interestingly, some of the most prevalent activity involved the exploitation of vulnerabilities that were two or more years old.


Figure 2: Most prominent injection attacks (Source: IBM Managed Security Services data).

Ejecting Injection Attacks From Your Environment

The root cause of many high-profile breaches often involves the exploitation of weaknesses that could have been remediated or addressed, such as password reuse, server misconfiguration and unpatched vulnerabilities. The same can be said for many successful injection attacks.

For more information about injection attacks and recommendations on how to mitigate them, read the IBM X-Force Research report, “What You Need to Know About Injection Attacks.”

More from Advanced Threats

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today