How did Armor stop a SQL injection attack against multiple banking sites – all in less than eight hours?

The SQL injection attack

The experts in our Security Operations Center use best-in-breed tools to constantly monitor our customer’s environments. So when threat actors attempted a SQL injection attack on a banking customer’s eCommerce sites, we jumped into action. Our incident response and forensics (IRF) team quickly analyzed malformed files and a document submission form that had been exploited. We quickly neutralized the threat and hunted down the cause.

Upon completing forensics of the attack, we discovered a vulnerability exposed through misconfigured user input validation. With a firm understanding of their techniques, our security operations team helped fortify the customers’ website – fixing the vulnerability to strengthen them against future SQL injection attacks.

Read the full Armor War Story infographic: Major SQL Injection Attack infographic

What are SQL injections attacks?

SQL injections are a common tactic used to access databases, allowing threat actors to steal, alter or delete data. They have been responsible for several major data breaches– including the 2008 Heartland Payment Systems breach which affected 100 million credit cards.

How it works

Attackers search for web applications that do not sanitize the user’s input before passing it to a SQL query for the database to process. Then they send well-crafted requests to the web application, hoping the database will execute malicious queries hidden in their input strings. Successful query executions may eventually allow an attacker to gain full administration rights to the database and its data.

When this point is reached, they have free reign within the database. Depending on their intentions, they can exfiltration data, sell it, alter it or delete it. They can even void transactions or change balances, all while their identity is obscured. Worse yet, if the threat actor exfiltrates the data, the organization they often don’t realize there has been a breach until the data is leaked publicly.

How can SQL injection attacks affect financial institutions?

To put it shortly, they can be disastrous. SQL injections provide unlimited database access for any threat actor skilled or lucky enough to successfully execute it. If the database contains payment card information – regulated PCI DSS compliance standards – the breach can have major ramifications for the breached organization and their customers.

In the case of Heartland Payment Systems, they faced several procedural and financial, which included:

  • Notifying affected customers
  • Paying any related fines and penalties (for Heartland, this totaled $140 million)
  • Loss of reputation and customer confidence

Because the damage from SQL injection attacks can be so immense, it’s critical that organizations have adequate cyber security in place to minimize their risk. By securing their PCI data with Armor, our customer was able to safeguard their customers and their own future.