Skip to main content
  1. Home
  2. Computing
  3. News

Russian cybercriminal hacked more than 60 government, education agencies

By

exploit
Image used with permission by copyright holder
Studies have shown that millions of internet-connected machines are vulnerable to cyberattack based on a variety of configuration and other issues. One vulnerability that cybercriminals can use to relatively easily attack systems is called “SQL injection,” meaning that a database server that doesn’t carefully check the data submitted on web forms, for example, can be compromised.

One SQL injection, or SQLi, threat is known as “Rasputin,” referring to a Russian-speaking cybercriminal who has been linked to a number of attacks against various government and private agencies. A recent attack by Rasputin targeted over 60 government and educational institutions, and the solution to such attacks is to change the penalties and incentives related to resolving SQLi issues, according to a recent Recorded Future analysis.

Recorded Future
Recorded Future
Recommended Videos

Recorded Future is a threat intelligence company that uses machine learning to reduce online security risks. The company worked with law enforcement in December 2016 to assess the database attack on the United States Election Assistance Commission (EAC) and the eventual sale of information. It’s Recorded Future who gave the actor the name Rasputin, and according to its analysis, Rasputin used SQLi technology to hack into the EAC’s database.

Related

SQLi attacks nothing new, having been around for more than 15 years. Malicious agents don’t need special skills or knowledge to conduct SQLi attacks, given that a number of tools are freely available that automate finding and attacking vulnerable database servers. The tools literally make conducting SQLi attacks a “point and click” affair.

Recorded Future
Recorded Future

Rasputin is a bit more sophisticated, as Recorded Future reports, having created his own proprietary SQLi tool. The reason for investing the time in creating such a tool and carrying out such attacks is purely financial — there’s a significant market for information that can generate real money for cybercriminals.

Recorded Future concludes that a number of steps need to be taking to respond to SQLi attacks and reduce their prevalence and impact. First is to raise awareness among developers, but that’s not enough. Rather, penalties and incentives need to be created to make it worthwhile to maintain database and web form security. Until the issues are addressed, however, agents like Rasputin will have their own incentives to hack into our data, often with serious repercussions.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
The 6 best Steam Deck alternatives in 2024
The game library of the Lenovo Legion Go.

Thanks to some great brand recognition and the fact pretty much all PC gamers are tied into the Steam ecosystem anyhow, it makes sense that we all gravitate towards the Steam Deck when it comes to portable gaming with a highly customizable flavor. The relatively recent addition of the Steam Deck OLED has made it even more appealing with great screen quality improving the experience. However, what about if you want to try something other than the Steam Deck? It’s a great portable console but it isn’t perfect and other options may suit your needs better.

To help you figure out what’s best for your needs, we’ve picked out some of the best Steam Deck alternatives currently available. Each system offers a slightly different experience to the Steam Deck while providing the same great game playing experience, across different gaming ecosystems. To help you come to the best decision, we’ve also looked at why we’ve picked the consoles we’ve picked. Read on while we take you through everything you ned to know.
The best Steam Deck alternatives in 2024

Read more
The 6 best detachable laptops in 2024
The Surface Pro 9 with the Type Cover keyboard lifted up.

Detachable laptops – or tablets with removable keyboards – are a popular alternative to traditional laptops. These devices are ultra-portable and versatile, allowing you to stow them in even the most cramped backpack. They also serve as both tablet and laptop, letting you make use of their touchscreen for notetaking or drawing before reattaching their keyboard to type up a lab report or presentation.

There are hundreds of detachable laptops to choose from in 2024, including powerful models from Microsoft, Apple, Dell, and ASUS. However, it can be hard to narrow down all the options, as many of them offer similar specs or identical designs.

Read more
I want to love Asus’ gaming earbuds, but there are problems
The Asus Cetra Supernova earbuds sitting on top of a gaming PC.

I've been warming up to gaming earbuds over the past couple of years. Although one of the best headsets for PC gaming wins in terms of immersion, the low-profile nature of earbuds is better for comfort during long gaming sessions. Asus seems to agree, with its new Cetra True Wireless SuperNova earbuds squarely targeting gamers who value comfort as much as sound quality.

The $200 earbuds sound like the perfect package. You've getting noise cancellation, a low-latency connection, high-fidelity audio, and support for just about any platform imaginable. The package is excellent, and Asus manages fantastic audio quality and comfort while packing in many features. Still, there are a handful of minor issues here that Asus needs to address, especially at the premium price it's asking, which is where my problems lie.
Meet the Cetra True Wireless SuperNova

Read more