Submitted via IRC for soycow1984
They may not grab the most headlines, but injection attacks are the most common threats targeting organizational networks, according to IBM MSS data.
The facts are clear. According to IBM X-Force analysis of IBM Managed Security Services (MSS) data, injection attacks are the most frequently employed mechanism of attack against organizational networks. In fact, for the period assessed (January 2016 through June 2017), injection attacks made up nearly half — 47 percent — of all attacks. The most common types were operating system command injection (OS CMDi) and SQL injection (SQLi). Injection attacks versus all attacks. Figure 1: Injection attacks versus all attacks (Source: IBM Managed Security Services data).
Attackers take advantage of injection vulnerabilities in operating systems and applications to penetrate critical web servers and access back-end databases. From using malicious webshells to planting cryptocurrency mining tools or malicious PHP scripts, there are many ways in which cybercriminals can use injection attacks to reach their end goal.
(Score: 3, Informative) by Thexalon on Wednesday November 08 2017, @09:41PM
Been done already: Remember the "I Am Rich [wikipedia.org]" phone app that did absolutely nothing but demonstrate that somebody could pay a grand for an app that does nothing?
The only thing that stops a bad guy with a compiler is a good guy with a compiler.