A well-known Russian hacker, Rasputin, has breached over 60 universities and US government organizations through unpatched SQL injection vulnerabilities. According to Recorded Future, the hacker targeted top universities in the United States, such as Cornell University, New York University (NYU), Purdue University, Michigan State University, the Rochester Institute of Technology, and the University of Washington.
In the UK, Rasputin targeted the University of Cambridge, the University of Oxford, the University of Edinburgh, and the Architectural Association School of Architecture. Likewise, several other top institutions and organizations were targeted and breached.
Rasputin is believed to be the one who attacked the US Electoral Assistance Commission in December 2016, using SQL injection as his weapon. Several institutions in US states have become victims of SQLi exploits.
For over a decade, web applications and other third-party software have been poorly programmed, allowing hackers like Rasputin to take advantage of the weakness and access sensitive data from the government and the universities.
Free tools like Havij, Ashiyane SQL Scanner, SQL Exploiter Pro, and SQLSentinel can be used to automate the identification of security vulnerabilities in these systems.
Like Rasputin, there are several hackers who use SQL injection techniques as a weapon to breach data. The hacker targets prestigious universities and government agencies, including the US Postal Regulatory Commission, the US Department of Housing and Urban Development, the Health Resources and Services Administration, the National Oceanic and Atmospheric Administration, the Oklahoma State Department of Education, the Rhode Island Department of Education, the West Virginia Department of Environmental Protection, and the Washington State Arts Commission.
Recorded Future reports that the hacker is now able to access sensitive US and UK data. He steals and sells the data to the public.
This well-established but easy-to-remediate (though often costly) problem continues to vex public and private sector organizations. Economics must be addressed to fully eradicate this issue. Despite the government’s penchant for employing sticks to modify behavior, perhaps it’s time to offer financial carrots to address and fully eradicate this issue.