Wednesday 17 December 2008

Hack chain, held together by database attacks, linked at each end

As the western world enters its festive season, the spirit of goodwill and peace to all has most computer users lowering their guard. The rush to search the internet for gifts and the process of ordering online have given those not winding down for Christmas (i.e. the attackers) a bumper harvest.

Following on from my previous post, Microsoft has issued advice on how to mitigate newly exploited vulnerabilities in its web browser; these form one link in a chain of vulnerabilities. What is really neat is that each end of this chain requires an attack on a database. Initially, malware is force-fed into web sites using a SQL injection attack that poisons the external database serving the site. Visitors to these sites unknowingly load the malware, served by the site, into their browser. The malware then exploits the browser so that the attacker can masquerade as the computer user on that user’s own corporate network; the attacker is now pretending to be an authorised user on the inside. The next part of the attack uses the user’s internal credentials to connect to an internal corporate database and then exploits vulnerabilities in that database to gain complete control of it. This includes stealing data and extending control over the rest of the network.

Organisations' internal databases are not well protected; they typically rely on the perimeter firewall to keep outsiders out. Given a chain of events that lets an external attacker reach internal databases whilst appearing to be an insider, the perimeter firewall is totally ineffective. A database firewall is called for here. The best form of defence is to trust no database access at all, regardless of who issues it or where it comes from. This requires building active control policies for database usage and enforcing them. At Secerno, the DataWall™ product-line achieves just this by utilising the SynoptiQ™ Engine.
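To make the "trust no database access" idea concrete, here is an added example (not Secerno's code and not the DataWall/SynoptiQ policy format) of a positive-security check of the kind a database firewall enforces: each application identity is allowed only the query shapes it is known to need, literals are reduced to placeholders, and stacked statements are refused outright. The policy contents and the sample queries are constructed for illustration.

```python
import re

# Constructed sample policy: allowed statement shapes per application identity.
# Identity is the database account the application uses, not where it connects from,
# so an attacker riding an insider's browser is judged by the same rules.
POLICY = {
    "webshop": {
        "select name, price from products where id = ?",
        "insert into orders (customer_id, product_id, qty) values (?, ?, ?)",
    },
    "hr_app": {
        "select * from employees where badge = ?",
    },
}

# Matches single-quoted string literals (with '' escapes) and bare numbers.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def normalise(sql):
    """Reduce a statement to its shape: literals -> '?', whitespace collapsed, lowercased."""
    shape = _LITERAL.sub("?", sql)
    return re.sub(r"\s+", " ", shape).strip().rstrip(";").lower()

def split_statements(sql):
    """Split on ';' outside string literals so stacked (injected) statements become visible."""
    parts, buf, in_str = [], [], False
    for ch in sql:
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p for p in parts if p.strip()]

def check(identity, sql):
    """Return (allowed, reason) for one statement issued by the given application identity."""
    allowed = POLICY.get(identity, set())
    stmts = split_statements(sql)
    if not stmts:
        return False, "empty statement"
    if len(stmts) > 1:
        return False, f"stacked statements ({len(stmts)}) not permitted"
    shape = normalise(stmts[0])
    if shape not in allowed:
        return False, f"shape not in policy for {identity!r}: {shape}"
    return True, "ok"
```

A legitimate product lookup passes, a lookup with an appended poisoning statement is refused for stacking, and the web shop's account querying the employee table is refused because that shape belongs only to the HR application.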

Break the chain of successful attacks! Proactively control and protect all your databases – from those on the inside – and those on the outside! It is no longer possible to safely discriminate who is who.