What you need to know – Anonymous strikes the European Space Agency

Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked the personal data and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers and fax numbers, and in many cases clear-text passwords have also been exposed. Overall, the data of more than 8,000 subscribers has been exposed.

The hackers exploited a blind SQL injection vulnerability to access the back-end of the sub-domains and exfiltrate data from the database.

Blind SQL injection is a type of SQL injection attack that asks the database true-or-false questions and determines the answer from the application’s response.

While the direct impact of the breach is not yet clear, incidents such as these may be used as an initial step to launch further cyber-attacks. The information could be used to execute spear phishing attacks on key people within the organizations and gain sensitive data to carry out further attacks.

The attack stresses the importance of tight security measures for web applications. In this case, a blind SQL injection was used, a flaw that could easily have been addressed and prevented by analyzing the application code in advance with a static application security testing solution.
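To make the true-or-false behaviour and its code-level fix concrete, here is an added example (not code from the affected site or from this post) of the string-concatenation pattern a code review or static analysis tool flags, next to the parameterized form. The table, column and function names and the sample row are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO subscribers VALUES ('alice@example.org', 'Alice')")
    return db


def is_subscribed_vulnerable(db, email):
    # Flawed: user input is concatenated into the SQL text, so quote
    # characters in the input can change the structure of the query.
    query = "SELECT 1 FROM subscribers WHERE email = '" + email + "'"
    return db.execute(query).fetchone() is not None


def is_subscribed_safe(db, email):
    # Fixed: the input is passed as a bound parameter and is only ever
    # compared as a value, never parsed as SQL.
    query = "SELECT 1 FROM subscribers WHERE email = ?"
    return db.execute(query, (email,)).fetchone() is not None


def responses(lookup):
    # The page only ever answers "found" or "not found". Two inputs that
    # differ only in an appended always-true / always-false condition
    # reveal whether the input is being interpreted as SQL.
    db = make_db()
    true_probe = "alice@example.org' AND 1=1 --"
    false_probe = "alice@example.org' AND 1=2 --"
    return lookup(db, true_probe), lookup(db, false_probe)


if __name__ == "__main__":
    # Differing answers mean the application's response depends on the
    # injected condition; identical answers mean it does not.
    print("concatenated :", responses(is_subscribed_vulnerable))
    print("parameterized:", responses(is_subscribed_safe))
```

With the concatenated query the two inputs produce different responses, which is exactly the signal blind SQL injection relies on; with the bound parameter both are treated as an unknown email address.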

Amit Ashbel

Cyber Security Evangelist at Checkmarx
Amit Ashbel has been with the security community for more than a decade, during which he has taken on multiple tasks and responsibilities, including technical and Senior Product lead positions. Amit adds valuable product knowledge, including experience with a wide range of security platforms and familiarity with emerging threats. Amit also speaks at high-profile events and conferences such as Black Hat, DEF CON, OWASP, and others.
