Kaspersky Lab has revealed that it was hit by an SQL injection originating from Romania.
After the attack last weekend, the company initially refused to comment directly on what had happened, but it has since issued a statement confirming that a vulnerability was found in the new version of its usa.kaspersky.com/support website.
The statement said: “We analysed the log files and found requests with SQL injection. There were several attackers with IP addresses from Romanian ISPs. The requests were initially made with an automated tool - the screenshots showed that the hackers used a variant of an Acunetix tool.”
The company explained that once the initial probes showed the attackers that this section was vulnerable, they attempted to exploit the vulnerability manually to obtain data about the structure of the database.
The hackers used the Information_Schema database to query existing table names and table columns; after collecting field names, they made a few attempts to extract data from the tables.
Because the attackers specified the wrong database, those queries failed, and they stopped after obtaining only the column and table names.
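The statement says the intrusion was reconstructed from log files showing SQL-injection requests from several IPs, first from an automated scanner and then by hand against the schema metadata. The following is an added example, not code from Kaspersky or from the article, of how a defender can run that kind of triage over web-server access logs: it decodes each request URL, flags the signatures of schema enumeration and union-based probing, and counts flagged requests per source IP. The log lines are constructed for the example (documentation-range IPs, invented paths), and the signature list is a deliberately small illustration rather than a complete ruleset.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format); not taken from any
# real server. IPs are from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Feb/2009:14:02:11 +0000] "GET /support/?id=12 HTTP/1.1" 200 5120
192.0.2.10 - - [07/Feb/2009:14:02:15 +0000] "GET /support/?id=12%27%20AND%201%3D1-- HTTP/1.1" 200 5120
192.0.2.10 - - [07/Feb/2009:14:02:19 +0000] "GET /support/?id=12%20UNION%20SELECT%20table_name%2Cnull%20FROM%20information_schema.tables-- HTTP/1.1" 200 6300
198.51.100.7 - - [07/Feb/2009:14:05:01 +0000] "GET /support/?id=12%20UNION%20SELECT%20column_name%2Cnull%20FROM%20information_schema.columns%20WHERE%20table_name%3D%27users%27-- HTTP/1.1" 200 6400
203.0.113.5 - - [07/Feb/2009:14:06:30 +0000] "GET /support/?id=13 HTTP/1.1" 200 5100
"""

# Fields of a Common Log Format line that the triage needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures matched against the percent-decoded, lower-cased URL. The first
# one corresponds to the metadata enumeration described in the statement.
SIGNATURES = {
    "schema_enum": re.compile(r"information_schema\.(tables|columns)"),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?select\b"),
    "tautology": re.compile(r"'\s*(and|or)\s+\d+\s*=\s*\d+"),
}


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode twice: scanners often double-encode to slip past naive filters.
    rec["decoded_url"] = unquote_plus(unquote_plus(rec["url"])).lower()
    return rec


def classify(decoded_url):
    """Names of every signature that fires on a decoded URL (empty if benign)."""
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded_url)]


def scan(log_text):
    """All flagged requests in the log, with source IP, timestamp and tags."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["decoded_url"])
        if tags:
            hits.append({"ip": rec["ip"], "ts": rec["ts"],
                         "tags": tags, "url": rec["decoded_url"]})
    return hits


def attackers(hits):
    """Flagged-request count per source IP, to see how many sources were involved."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["ip"], ",".join(h["tags"]), h["url"])
    print("sources:", dict(attackers(found)))
```

On the constructed log this flags three of the five requests and attributes them to two source IPs; in practice the same pass would be run over the full log window and the per-IP counts joined with WHOIS or GeoIP data to make the kind of "several attackers from Romanian ISPs" statement the company made.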
The statement said: “No data modification queries were logged. After conducting the attack, the attackers decided to show off their ‘great code of ethics’ by sending Kaspersky an email - on a Saturday to several public email boxes. They gave us exactly one hour to respond. And posted on their blog without having received a response.”
The company said it was lucky that ‘the hackers proved to be more interested in fame than in causing damage’, and encouraged companies to make secure development a key priority for web development and to check and re-check their processes and code.
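The closing advice about secure development is concrete enough to illustrate. The following is an added example, not code from Kaspersky or from the article, showing the defect class behind this incident beside its fix: a lookup that builds the SQL text from user input lets a crafted `id` value read the database's own catalogue (SQLite's `sqlite_master`, the counterpart of `information_schema` used here so the example runs without a server), while the hardened version validates the input type and binds it as a parameter, so the same value is rejected before any query runs. The table names and rows are constructed for the example.

```python
import sqlite3


def make_db():
    """In-memory database with two constructed tables standing in for a support site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO articles (id, title) VALUES (?, ?)",
        [(12, "Resetting a licence key"), (13, "Updating definitions")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, article_id):
    """The defect: the request parameter is spliced into the SQL text itself."""
    sql = "SELECT title FROM articles WHERE id = " + article_id
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, article_id):
    """The fix: validate the expected type, then bind the value as data."""
    if not article_id.isdigit():
        raise ValueError("article id must be a positive integer")
    rows = conn.execute(
        "SELECT title FROM articles WHERE id = ?", (int(article_id),)
    )
    return [row[0] for row in rows]


# A metadata-enumeration probe of the kind the statement describes, reduced to
# the catalogue query that a scanner would try first.
SCHEMA_PROBE = "12 UNION SELECT name FROM sqlite_master WHERE type='table'"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal id:", lookup_vulnerable(db, "12"))
    print("vulnerable, probe:    ", lookup_vulnerable(db, SCHEMA_PROBE))
    print("safe, normal id:      ", lookup_safe(db, "12"))
    try:
        lookup_safe(db, SCHEMA_PROBE)
    except ValueError as exc:
        print("safe, probe rejected: ", exc)
```

The vulnerable function returns the article title plus the names of both tables for the probe, which is exactly the table-name leakage the statement describes; the safe function never reaches the database with it. Parameter binding alone would already have stopped the injection, and the type check is the second layer that also keeps malformed requests out of the logs.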