Al Qaeda Cyber Attacks against Databases and Servers

Released on = December 5, 2006, 7:40 am

Press Release Author = Tamara Borg

Industry = Software

Press Release Summary = Acunetix urges online firms to take comprehensive
precautions against possible attacks

Press Release Body = Kirkland, Washington - 05 December, 2006 - The US Computer
Emergency Readiness Team (US-CERT) issued a warning of possible cyber attacks by
Islamic militant groups associated with the Al Qaeda network. Aimed at penetrating
websites, disrupting online service and destroying data, these attacks will probably
target US online stock trading and banking websites.

According to MEMRI (Middle East Media Research Institute), Islamic websites have
increased their focus on IT security related issues and one of the latest spates is
the Technical Mujihad, an online magazine published by al-Fajr Information Center.
The 64-page edition magazine was electronically distributed to password-protected
Jihadist forums (according to SiteInstitute.org) on the 28th November and computer
and contained Internet security related articles. SiteInstiture.org reports such
articles as "The Technique of Concealing Files from View" and "How to Protect Your
Files, Even if Your Device was Penetrated," were written for the intermediate to
advanced user, and describe a variety of methods and software that provide security:
"the editorial.emphasizes the great purpose of jihad in the information sector."

The situational awareness alert was issued by US-CERT, part of the Department of
Homeland Security (DHS), on Thursday 30th December, stating that financial
institutions could be targeted in denial-of-service and database attacks as soon as
Friday. Online trading and banking websites are urged to take the necessary
precautions against the infiltration and destruction of their website.

Assessing the security of a website
According to the Privacy Clearing House over 97 million personal records were stolen
through hack and related attacks over an 18 month period spanning February 2005
through late November 2006. Although terrorist attacks go beyond the profit
intentions of hackers, organizations are now at great risk.

If the servers and/or web applications are compromised, any militant group could
gain complete access to backend data.
Web applications are designed to allow website visitors to retrieve and submit
dynamic content (with varying levels of personal and sensitive data) through any web
browser. Therefore web applications require direct and open access to backend
databases to function properly. Hackers may easily gain access to sensitive data
through several types of vulnerabilities including SQL Injection and cross-site
scripting. It is fundamental for any institution with an online presence to
regularly audit the security of its web assets, answering fundamental questions -
"Which elements of our network infrastructure we thought are secure, are open to
hack attacks?" and "What code can be thrown at web applications to cause them to
misbehave?"

Acunetix provides on-demand site audit to help companies determine the security of
their websites
Acunetix SiteAudit is a new on-demand web security audit service that provides an
immediate and comprehensive security audit of all off-the-shelf and bespoke web
applications at an introductory price of only $395. In addition to performing a
thorough web application scan, Acunetix is also offering a complimentary audit of a
company\'s web and database servers to ensure that web security is completely up to
scratch.


Acunetix SiteAudit:

* Provides an immediate and comprehensive website security audit
* Ensures website is secure against web attacks
* Checks for SQL injection, Cross site scripting and other vulnerabilities
* Audits shopping carts, forms, and dynamic content
* Scans entire website and web applications including Javascript / AJAX applications
for security vulnerabilities.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.


Web Site = http://www.acunetix.com

Contact Details =
For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: 888-231-6801, Fax: (+1) 425-650-6873
URL: http://www.acunetix.com.

  • Printer Friendly Format
  • Back to previous page...
  • Back to home page...
  • Submit your press releases...
  •