Members of “Anonymous” have breached a number of sub-domains of the European Space Agency website and leaked personal details and login credentials of thousands of subscribers and officials. The leaked data includes full names, email addresses, office addresses, institution names, phone numbers, fax numbers and, in many cases, clear-text passwords. Overall, more than 8,000 subscribers’ records have been exposed.
The hackers exploited a blind SQL injection vulnerability to access the back-end of the sub-domains and exfiltrate data from the database.
Blind SQL injection is a type of SQL injection attack in which the attacker asks the database true-or-false questions and infers the answer from differences in the application’s response, rather than from query results displayed directly on the page.
While the direct impact of the breach is not yet clear, incidents such as these may be used as an initial step to launch further cyber-attacks. The information could be used to execute spear phishing attacks on key people within the organizations and gain sensitive data to carry out further attacks.
The attack stresses the importance of tight security measures for web applications. In this case, a blind SQL injection was used which could easily be addressed and prevented by analyzing the application code in advance using a static application security testing solution.
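To make the true-or-false mechanism concrete, here is an added example (not code from the original post or from ESA's systems) with a constructed in-memory subscriber table: the lookup built by string concatenation is the pattern a static analysis tool flags, and the parameterised version beside it is the fix. The probe inputs and table contents are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for a subscriber table (not real breach data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO subscribers VALUES (?, ?)",
        [("alice@example.org", "<hash>"), ("bob@example.org", "<hash>")],
    )
    return conn


def user_exists_vulnerable(conn, email):
    """SQL assembled by concatenation: user input is parsed as part of the query."""
    sql = "SELECT COUNT(*) FROM subscribers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchone()[0] > 0


def user_exists_safe(conn, email):
    """Parameterised query: the input is bound as data and can never alter the SQL."""
    sql = "SELECT COUNT(*) FROM subscribers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchone()[0] > 0


def boolean_probe_results(conn):
    """Feed a 'true' and a 'false' condition to both lookups for a non-existent user.

    In the vulnerable version the yes/no answer tracks the injected condition,
    which is exactly the oracle a blind SQL injection relies on. In the safe
    version both probes are just unknown email strings and return False.
    """
    true_probe = "nobody@example.org' OR 1=1 --"
    false_probe = "nobody@example.org' OR 1=2 --"
    return {
        "vulnerable_true": user_exists_vulnerable(conn, true_probe),   # True
        "vulnerable_false": user_exists_vulnerable(conn, false_probe),  # False
        "safe_true": user_exists_safe(conn, true_probe),                # False
        "safe_false": user_exists_safe(conn, false_probe),              # False
    }


if __name__ == "__main__":
    print(boolean_probe_results(make_db()))
```

The only difference between the two lookups is whether the query text or the driver carries the user input, which is why SAST tools can detect the defect by data-flow analysis before deployment.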
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.