2nd Edition

Tracking the trends and news for IT and IT Security

Paul Davis

FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities

FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities>
Layer Seven
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert urging organizations to address SQL injection vulnerabilities in their software
The alert is based on recent exploits by the Russian cybercrime group CL0P, also known as TA505, which has extorted an estimated $100M from organizations using ransomware
Key points:
TA505 exploits SQL injection vulnerabilities to install web shells in compromised servers, enabling them to execute operating system commands, install ransomware, and exfiltrate data
The group is believed to have breached 130 organizations in just 10 days
SQL injection vulnerabilities occur when user inputs are included in SQL commands to execute database queries, allowing threat actors to access and modify sensitive data, change programs and system configurations, and install and execute malicious programs
The risk of SQL injection can be mitigated using input validation, output encoding, escaping, and quoting
SAP software undergoes security testing to detect and remove potential SQL injection vulnerabilities, but securing custom programs deployed to SAP systems is the responsibility of each SAP customer
The Cybersecurity Extension for SAP is an SAP-certified addon that automatically detects SQL injection vulnerabilities in custom SAP ABAP programs and SAP UI5 applications, integrating with the ABAP Test Cockpit (ATC), SAP Code Inspector (SCI), and Transport Management System (TMS)
The alert highlights the importance of addressing SQL injection vulnerabilities to prevent cybercrime groups from exploiting them to propagate ransomware and compromise sensitive data
Organizations using SAP systems should ensure that their custom programs are secure and consider using tools like the Cybersecurity Extension for SAP to detect and prevent SQL injection vulnerabilities.
Link: https://layersevensecurity.com/fbi-and-cisa-issue-alert-for-threat-actors-actively-exploiting-sql-injection-vulnerabilities

Categories:

Tags: