Cyberattacks November 2012 Part I – #opleak Targets Financial Institutions in Asia
#opleak is an operation by the hacker group xl3gi0n, which hacked, defaced and leaked database information from four financial institutions in Asia.
The hacker group is targeting:
- The Victims: The Asian Banker, Kumari Bank, Midwest Bank and Procredit
- The Targets: Web servers running on Apache with PHP installed with MySQL
- The Method: SQL Injection
- The Tool: Havij – automated SQL injection tool
Good defense references from OWASP:
- Option #1: Use of Prepared Statements (Parameterized Queries)
- Option #2: Use of Stored Procedures
- Option #3: Escaping all User Supplied Input
- Also Enforce: Least Privilege
- Also Perform: White List Input Validation
- Ensure web portals sanitize user input so that the data received is what it should be. Limit the SQL queries applications can issue by using stored procedures.
- Webmasters can configure their web servers to block traffic from clients whose HTTP User-Agent header contains ‘Havij’, although this header value may be changed.
- Ensure the systems run an up-to-date version of the software and have all vendor-supplied patches applied, especially systems running Apache, PHP and MySQL.
More details are in the OWASP SQL Injection Cheat Sheet.
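The following is an added example, not code from the original post or from OWASP. It shows Option #1 and white-list validation next to the concatenated query they replace. Python's in-memory sqlite3 stands in for the PHP/MySQL stack, and the table, data and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; sqlite3 in memory stands in for the MySQL backend.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn

def lookup_concatenated(conn, owner):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, owner):
    # Option #1: the query text is fixed; input is bound as a value only.
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

# White-list validation: identifiers cannot be bound as parameters, so map
# the user-facing choice onto a fixed set of known column names.
SORTABLE = {"owner": "owner", "balance": "balance"}

def list_sorted(conn, sort_key):
    column = SORTABLE.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    return conn.execute(
        f"SELECT owner, balance FROM accounts ORDER BY {column}"
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated rows:", len(lookup_concatenated(db, crafted)))
    print("prepared rows:    ", len(lookup_prepared(db, crafted)))
    print("sorted by balance:", list_sorted(db, "balance"))
```

With the same crafted input, the concatenated query returns every row while the prepared statement treats the whole string as one owner name and returns none.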