SQL Injection Opens Door for Cyberattacks on Global Energy Companies
by Ken North
Hacker tools, social engineering and incompetent database administration permit penetration of corporate networks
Hackers in China have successfully waged a
campaign to capture financial and other sensitive information from the computers
of global energy companies. Using tools that are readily available from Chinese
hacker web sites, the miscreants have extracted data for a period of years,
according to research conducted at McAfee Labs. The cyberattacks known as Night
Dragon were successful in targeting oil, petrochemical and energy companies, in
addition to executives and other key individuals. The attacks were fruitful
because they went undetected for a period of 2 to 4 years. The hackers were
able to extract confidential and proprietary data from financial documents and
operational systems, including SCADA and oil and gas field production systems.
The Night Dragon campaign is yet another
reminder of the risks associated with databases accessible from the Internet
and the consequences of not having effective multi-level security.
SQL Slammer was probably the first attack that created widespread awareness
of the vulnerability of web databases. It targeted the Microsoft SQL Server
platform but a spate of subsequent SQL-injection attacks has exposed
vulnerabilities of other servers and database-enabled applications. Applying
SQL injection techniques against the web servers of the target companies is
what enabled the hackers to gain entree to corporate networks and to
penetrate internal systems. SQL injection was also how the "Get Rich or Die
Tryin" hacker crew was able to penetrate corporate networks and steal
personal identifying information for 130 million debit and credit card
holders, discussed in
"Misuse of Computers: Shadowcrew and soupnazi".
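To make the entry vector concrete, here is an added illustration (not code from the article or from the McAfee report) of the application-level flaw that lets input reach a database as SQL syntax, beside the parameterized form that closes it. The user table and credentials are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory stand-in for a web application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # The flaw: untrusted input is spliced into the statement text, so a quote
    # in the input changes the structure of the query instead of its values.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # The fix: the driver binds values separately from the statement text, so
    # whatever the input contains is compared as data, never parsed as SQL.
    # Pair this with a low-privilege database account for the web tier; that
    # is the layered defence the article calls for.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = build_db()
    # The textbook tautology that a scanner or attacker would try first; in
    # the vulnerable version it rewrites the WHERE clause to be always true.
    tautology = "' OR '1'='1"
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_bad_creds": login_vulnerable(conn, "alice", "wrong"),
        "vuln_injected": login_vulnerable(conn, "nobody", tautology),
        "param_good_creds": login_parameterized(conn, "alice", "correct-horse"),
        "param_bad_creds": login_parameterized(conn, "alice", "wrong"),
        "param_injected": login_parameterized(conn, "nobody", tautology),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {'logged in' if result else 'rejected'}")
```

Only the vulnerable version accepts the injected input; the parameterized version rejects it while still accepting valid credentials.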
Tools for Hackers at Chinese Web Forums
Hacker web sites in China include tools for bypassing
corporate network security solutions, such as firewalls. Using WebShell
and ASPXSpy, the attackers were able to penetrate firewalls and funnel
control through web servers. Once inside, the hackers used remote administration
tools (RATs). The zwShell tool enabled the hackers to generate unique
Trojan variants, to control the infected machines and to exfiltrate sensitive
data directly from them.
The attacks originated in China but the campaign used compromised servers in the
Netherlands and hosted servers in the US to act as command and control (C&C)
servers. According to George Kurtz of McAfee Labs, the Night Dragon attacks were
"an elaborate mix of hacking techniques including social engineering,
spear-phishing, Windows exploits, Active Directory compromises, and the use of
remote administration tools (RATs)." The attack scenario uncovered by
McAfee included:
1. Opening the door using spear-phishing, compromised VPNs and SQL injection
to exploit a company's web servers.
2. Planting malware for getting account information and for remote command
execution capability.
3. Using hacker tools for dumping account hashes and cracking passwords (gsecdump
and Cain & Abel).
4. Planting trojans to harvest and exfiltrate the target data.
These attacks are recent evidence that hackers are a persistent threat
and that organizations must invest in a variety of security measures to protect
sensitive data. The 19-page McAfee white paper (Global
Energy Cyberattacks "Night Dragon") has more information.
© 2011, Ken North, All rights reserved.