The number of SQL attacks jumped by nearly two thirds earlier this year according to cloud hosting firm FireHost who recorded over 450,000 blocked SQL injection attacks between the first and second quarter this year.
According to a report in ComputerWeekly, the firm claimed this week that it protected its users from 17 million cyber attacks from April to June 2012. 469,983 of those attacks were SQL injections, up from 277,770 attacks earlier this year, a 69 percent jump.
While security statistics have an intrinsic ebb and flow to them, FireHost’s numbers mark a spike. In this year’s X-Force Trend and Risk Report, IBM noted a 46 percent drop in SQL injections last year while a study by WhiteHat Security earlier this year noted the number of SQL injections in sites was also decreasing. After analyzing 7,000 websites, the firm found (.PDF) that only 11 percent of the sites contained SQL injection vulnerabilities while only four percent of the sites carried at least one SQL injection flaw compared to the overall vulnerability population.
A hacker group claimed to have used a SQL injection to infiltrate Yahoo earlier this month when 450,000 e-mail addresses and passwords belonging to the site’s Voices users were leaked online.