Attackers Target Apple, Steal Login Credentials

By Author: eccuni
Total Articles: 211
Comment this article

Recently, Anonymous group reportedly claimed access to administrative login credentials associated with an Apple server. The self-proclaimed Internet vigilante group also allegedly posted a link of the compromised server. The latest attack seems to part of the Anti-Sec campaign, which attackers claim to be targeted at corrupt governments and organizations. Attackers were reportedly successful in extracting at least 26 administrative login credentials. Apple has not yet confirmed the security incident. Over the last few months, there have been a series of attacks on government and corporate websites, which include U.S Senate, Central Intelligence Agency (CIA), various websites of Sony Corporation, AT&T as well as several Malaysian, Turkish, Brazilian government websites. Recently, attackers also targeted Viacom, Universal Music Group, several Orlando city related websites, and Arizona Department of Public Safety. The attack group has also warned of further attacks targeted on the developer.

Structured Query Language (SQL) is used to support SQL-based database systems. Websites are supported by these database systems. ...
... Cyber-attackers use SQL injection to gain access to databases associated with the website and view, extract, delete or alter the contents. Attackers use a malicious script in the form database query. The script is injected into the strings by inserting special characters, terminating and appending text strings, inserting erroneous entries to alter the inputs before their execution. SQL injection attacks could be prevented through appropriate input validation, escaping user input and using stored procedures. Parameterized queries could be used to prevent use of special characters. Restricting use of SQL statements and allowing only those statements that are used by the application may also help in preventing SQL injection attacks. On gaining access to confidential customer and business databases, attackers may use the information to compromise more user accounts or launch more sophisticated attacks. Attackers may also place the extracted information online.

Organizations must make regular evaluation of the website security. Professionals qualified in secured programming and penetration testing may detect and remediate security vulnerabilities. IT masters degree and computer science degree holders may help in appropriate assessment of security risks. Organizations must place high emphasis on ensuring confidentiality, integrity and security of databases. Proactive approach is crucial to deal with persistent attacks, security and data breach incidents. Security certification and online university degree programs may help cyber security professionals to meet their training requirements.

Governments must have a robust policy to tackle consistent threats to public bodies and private corporations. Creation of cyber security centers by pooling cyber security expertise from various departments, corporations and counter crime agencies may help in identifying security threats, making appropriate assessment, evaluating their impact, and devising appropriate risk responses. Attacks on critical infrastructure may have serious repercussions on business and economy. Information sharing among different government, corporate, law enforcement and security researchers could facilitate initiation of appropriate measures to secure the IT infrastructure from identified threats. Governments may collaborate with educational institutions and universities to devise and promote online degree programs on cyber security to meet the future needs of IT experts and improve computing practices among Internet users.