Al Qaeda Cyber Attacks against Databases and Servers
Released on = December 5, 2006, 7:40 am
Press Release Author = Tamara Borg
Industry = Software
Press Release Summary = Acunetix urges online firms to take comprehensive precautions against possible attacks
Press Release Body = Kirkland, Washington - 05 December, 2006 - The US Computer Emergency Readiness Team (US-CERT) issued a warning of possible cyber attacks by Islamic militant groups associated with the Al Qaeda network. Aimed at penetrating websites, disrupting online service and destroying data, these attacks will probably target US online stock trading and banking websites.
According to MEMRI (Middle East Media Research Institute), Islamic websites have increased their focus on IT security related issues and one of the latest spates is the Technical Mujihad, an online magazine published by al-Fajr Information Center. The 64-page edition magazine was electronically distributed to password-protected Jihadist forums (according to SiteInstitute.org) on the 28th November and computer and contained Internet security related articles. SiteInstiture.org reports such articles as "The Technique of Concealing Files from View" and "How to Protect Your Files, Even if Your Device was Penetrated," were written for the intermediate to advanced user, and describe a variety of methods and software that provide security: "the editorial.emphasizes the great purpose of jihad in the information sector."
The situational awareness alert was issued by US-CERT, part of the Department of Homeland Security (DHS), on Thursday 30th December, stating that financial institutions could be targeted in denial-of-service and database attacks as soon as Friday. Online trading and banking websites are urged to take the necessary precautions against the infiltration and destruction of their website.
Assessing the security of a website According to the Privacy Clearing House over 97 million personal records were stolen through hack and related attacks over an 18 month period spanning February 2005 through late November 2006. Although terrorist attacks go beyond the profit intentions of hackers, organizations are now at great risk.
If the servers and/or web applications are compromised, any militant group could gain complete access to backend data. Web applications are designed to allow website visitors to retrieve and submit dynamic content (with varying levels of personal and sensitive data) through any web browser. Therefore web applications require direct and open access to backend databases to function properly. Hackers may easily gain access to sensitive data through several types of vulnerabilities including SQL Injection and cross-site scripting. It is fundamental for any institution with an online presence to regularly audit the security of its web assets, answering fundamental questions - "Which elements of our network infrastructure we thought are secure, are open to hack attacks?" and "What code can be thrown at web applications to cause them to misbehave?"
Acunetix provides on-demand site audit to help companies determine the security of their websites Acunetix SiteAudit is a new on-demand web security audit service that provides an immediate and comprehensive security audit of all off-the-shelf and bespoke web applications at an introductory price of only $395. In addition to performing a thorough web application scan, Acunetix is also offering a complimentary audit of a company\'s web and database servers to ensure that web security is completely up to scratch.
Acunetix SiteAudit:
* Provides an immediate and comprehensive website security audit * Ensures website is secure against web attacks * Checks for SQL injection, Cross site scripting and other vulnerabilities * Audits shopping carts, forms, and dynamic content * Scans entire website and web applications including Javascript / AJAX applications for security vulnerabilities.
About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.
All product and company names herein may be trademarks of their respective owners.
Web Site = http://www.acunetix.com
Contact Details = For more information: Please email Tamara Borg: tamara@acunetix.com Acunetix Ltd: Tel: 888-231-6801, Fax: (+1) 425-650-6873 URL: http://www.acunetix.com.