Mass web compromises have typically redirected visitors to a handful of central malware sites, but a peer-to-peer approach will make mass attacks more pernicious.

Massive website compromises using a technique known as SQL injection have long been a top security concern for Web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm’s analysis.

Web security firm Armorize announced that it had detected a new type of mass SQL injection attack that uses a simple form of peer-to-peer networking to make the compromised network hard to take down. Historically, mass web attacks are simple: Code written in the structured query language (SQL) is sent to the back-end web database using a vulnerability in the site’s code. When the security flaw is in a common application, the attack can compromise thousands of sites at the same time.

In the latest version of the attack, rather than injecting sites with a single static script that points visitor browsers to a handful of malicious download sites, the attackers create a dynamic script that sends visitors to a previously compromised Web server. The new technique makes blacklisting much harder, says Wayne Huang, president and chief technology officer of Armorize.

“We found that the infected websites form a big mesh — everybody is injected with a malicious script that points to each other,” says Huang. “Every infected Web site is serving as a redirector for one another. You can’t anybody, because everyone is a redirector.”

Blacklisting is a problem. Armorize found that, of a sample of 700 sites that belonged to a compromised mesh network, only 20 percent of the sites had been blacklisted by Google for attempting to upload malicious code to users.
Another 10 percent of the sites were compromised previously by a different attack and were blacklisted because of that rogue behavior, the company said in a blog post describing its findings.

The company found that more than 20,000 sites from Alexa’s top 1 million had the malicious script, “sidename.js,” running on the server.

The current attack does have a weakness, points out Neil Daswani, co-founder and CTO of web anti-malware company Dasient. Cleaning up the malicious code from the infected sites will stop the code from being downloaded. Yet, that will only be true for a short while, he says.

“It will only be a matter of time before attacks like Sidename take on an even more resilient, peer-to-peer structure where infected sites source in malicious code from multiple additional infected sites so that an infected site will still serve drive-by-downloads even if one or more of the sites that code is being sourced in from cleaned up,” Daswani says.

The attack underscores that site owners need to do better security analyses of their sites, says Thomas Kristensen, chief security officer for Secunia. Most companies, however, will not tackle remediating expensive vulnerabilities in their Web sites unless it is a priority from executives, he says.

“Even though a lot of geeks think that, well, we really need to do something about our security, unless it is financially backed, nothing is going to happen,” Kristensen says.
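The blacklisting gap described above can be seen by scanning page content for the injected reference instead of relying on a list of known-bad hosts. The following is an added example, not code from Armorize or the original article: the `.example` hosts and page bodies are constructed, and it assumes the injection shows up as a `<script src=...>` tag loading `sidename.js` from another site.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SCRIPT_NAME = "sidename.js"  # file name reported in the article

# Constructed sample: three infected sites pointing at each other, one clean.
# Assumption: the injection appears as a <script src=...> tag in page HTML.
PAGES = {
    "a.example": '<p>News</p><script src="http://b.example/sidename.js"></script>',
    "b.example": '<script src="//c.example/sidename.js"></script><script src="/js/site.js"></script>',
    "c.example": '<SCRIPT SRC="http://a.example/SideName.js"></SCRIPT>',
    "d.example": '<script src="/js/app.js"></script><p>Clean page</p>',
}

class ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def redirect_targets(site, html):
    """Off-site hosts from which this page loads SCRIPT_NAME."""
    parser = ScriptSrcParser()
    parser.feed(html)
    targets = set()
    for src in parser.sources:
        url = urlparse(src)
        host = (url.hostname or "").lower()
        if host and host != site and url.path.lower().endswith("/" + SCRIPT_NAME):
            targets.add(host)
    return targets

def build_mesh(pages):
    """Map each scanned site to the set of hosts its injected script points at."""
    return {site: redirect_targets(site, html) for site, html in pages.items()}

def infected_sites(mesh):
    """Content-based detection: any site carrying the injected reference."""
    return sorted(site for site, targets in mesh.items() if targets)

def covered_by_blacklist(mesh, blacklist):
    """Infected sites whose redirect targets are all on a host blacklist."""
    return sorted(s for s in infected_sites(mesh) if mesh[s] <= set(blacklist))

if __name__ == "__main__":
    mesh = build_mesh(PAGES)
    print(infected_sites(mesh), covered_by_blacklist(mesh, ["b.example"]))
```

With one host on the blacklist, only the page that points at that host is covered, while the content scan flags all three infected sites.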