DDoS & SQL Injections: Cyberattacks for Noobs

A cyberattack that collapses global infrastructure and cripples communications used to be a go-to plot device for action movies – it’s the entire premise of Die Hard 4 – but it never had much grounding in reality, the inaccessibility of hacking tools and relevant skills providing some degree of security against cyber-villains. However, the intensity and frequency of cyberattacks are growing, and countermeasures are something every business needs to consider.
There are lots of different ways to break down a website’s digital doors, but SQL injections and Distributed Denial of Service (DDoS) attacks have warranted the most column inches over the past few years. The former technique was behind hacks on TalkTalk, in which a combined 6.4m customer records were stolen, while a DDoS attack took down half the internet towards the end of last year.

Web Application Firewalls
Of the two, SQL injections are the biggest threat to businesses according to the Open Web Application Security Project (OWASP). What’s quite surprising is that this type of attack is nearly two decades old and very simple to pull off. “You could teach a 4-year-old to do it”, hacker-turned-researcher Mustafa Al-Bassam told Motherboard. That is because instead of utilising sophisticated tools, SQL injections are a result of poor security and/or a lack of computer skill in the target’s workforce.

Considering the availability of web application firewalls and similar security solutions, the above is more than a little alarming. Taking the form of a “barrier” in the cloud, a web application firewall actively protects against SQL injections and other web attacks, preventing data breaches and downtime. As even small WordPress blogs have been the targets of cyberattacks recently, third-party defences are an increasingly attractive option for any business with a presence online.

SQL Injections
But what are SQL injections? In brief, the technique is a way of feeding a website input that alters the database (SQL) commands it runs, so that it operates differently to normal. A popular analogy describes the website as a robot with orders to collect boxes from numbered bays and place them on a conveyor belt. If somebody were to “inject” the robot with new orders telling it to throw the boxes out the window, their contents could be easily stolen by a criminal waiting outside.
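The robot analogy in code, as an added example that is not part of the original article: the same bay lookup written the weak way and the hardened way, run against a constructed in-memory SQLite table. The table, function names and sample inputs are assumptions made for illustration.

```python
import sqlite3

def make_warehouse():
    """Constructed sample data: three numbered bays, as in the robot analogy."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bays (bay INTEGER, contents TEXT)")
    db.executemany(
        "INSERT INTO bays VALUES (?, ?)",
        [(1, "printer paper"), (2, "customer records"), (3, "payroll files")],
    )
    return db

def fetch_unsafe(db, bay):
    # Weak form: the visitor's text is glued into the order itself, so any
    # SQL inside it is obeyed as part of the command.
    query = "SELECT contents FROM bays WHERE bay = " + bay
    return [row[0] for row in db.execute(query)]

def fetch_safe(db, bay):
    # Hardened form: the order is fixed and the visitor's text is bound to
    # the ? placeholder, so it is only ever compared as a value.
    query = "SELECT contents FROM bays WHERE bay = ?"
    return [row[0] for row in db.execute(query, (bay,))]

def demo():
    db = make_warehouse()
    honest = "2"             # a normal request for bay 2
    tampered = "2 OR 1=1"    # constructed input carrying an extra instruction
    return {
        "unsafe_honest": fetch_unsafe(db, honest),
        "unsafe_tampered": fetch_unsafe(db, tampered),
        "safe_honest": fetch_safe(db, honest),
        "safe_tampered": fetch_safe(db, tampered),
    }

if __name__ == "__main__":
    for name, boxes in demo().items():
        print(f"{name}: {boxes}")
```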
Ultimately, both cybercrime and security companies exist because information is valuable, either as a commodity to be traded illegally or as a customer record sequestered in a database somewhere. A simple rule to follow is that if data loss or downtime would cost money, a business should have safeguards in place to prevent them.

DDoS Attacks
While SQL injections present a direct threat to a business, DDoS attacks have gained infamy for their sheer scale and sometimes indiscriminate nature. DDoS attacks occur when hundreds or thousands of different devices try to connect to a web service at the same time, preventing it from functioning as normal. The devices, usually organized into a swarm or “botnet”, are often infected by malware that can receive remote commands from a hacker.
Last year’s massive internet outage was due to an attempted attack on Sony via Dyn, a company responsible for turning web addresses into IP addresses. The botnet involved, Mirai, was 100,000 devices strong.
