Three significant waves of SQL injection attacks appear to be under the control of the same source, according to one security researcher. Three significant waves of SQL injection attacks appear to be under the control of the same source, according to one security researcher.America’s 10 most wanted botnetsRoughly 80,000 Web sites in China, 67,000 in the U.S. and 40,000 in India remain compromised and under botnet control as a result of separate and ongoing SQL injection attacks. The highest infection point during the last three months reached into the millions at one point in China.The SQL injection attacks have inserted malicious iFrames into legitimate Web sites in order to force visitors off them and onto dangerous malware-laden sites. Mary Landesman, senior security researcher at ScanSafe, says she believes these three waves of SQL injection attacks are likely the handiwork of the same attacker because of the similarity of the domain-name registration information and style of attack. “It’s the thread of the domain names being used,” Landesman says. Seven of these “mal-domains” — a term coined by Landesman to describe domain names used solely to build Internet infrastructure to spread malware or otherwise cause harm — were registered under the same name and address (which are clearly bogus, being not more than gibberish).These domain names are now apparently being farmed out across the world as part of the globally distinct attacks in China, U.S. and India. In this case, the identified domain names were registered using bogus information provided to registrar Go Daddy, which Landesman says is “highly unusual,” since Go Daddy has a generally good reputation and attackers typically prefer “domain name providers that turn a blind eye.”Go Daddy was not immediately available to comment.But the larger problem isn’t specific to any one domain-name registrar, it’s the way the domain-name registration system has evolved that invites such rampant abuse. “We have a system that allows people to provide completely bogus details about who they are,” Landesman says.The openness of the domain-name registration system and lack of effective oversight has allowed criminals to exploit it to carry out Internet-based crime, she says. “It’s not intentionally designed for this kind of abuse, but it works in favor of the criminals.”The system is “broken, and fixing it is the key to cutting down on these attacks,” she says. Related content opinion Cybersecurity professional job-satisfaction realities for National Cybersecurity Awareness Month Half of all cybersecurity pros are considering a job change, and 30% might leave the profession entirely. CISOs and other C-level execs should reflect on this for National Cybersecurity Awareness Month. By Jon Oltsik Oct 03, 2023 4 mins CSO and CISO CSO and CISO C-Suite feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO CSO and CISO CSO and CISO news CIISec secures government funding to expand CyberEPQ program The funding will support places for 400 students with a focus on attracting a diverse pool of UK cybersecurity talent. By Michael Hill Oct 03, 2023 3 mins IT Training Careers Security news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO Technology Industry IT Training Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe