Skip to main content

Russian cybercriminal hacked more than 60 government, education agencies

exploit
Image used with permission by copyright holder
Studies have shown that millions of internet-connected machines are vulnerable to cyberattack based on a variety of configuration and other issues. One vulnerability that cybercriminals can use to relatively easily attack systems is called “SQL injection,” meaning that a database server that doesn’t carefully check the data submitted on web forms, for example, can be compromised.

One SQL injection, or SQLi, threat is known as “Rasputin,” referring to a Russian-speaking cybercriminal who has been linked to a number of attacks against various government and private agencies. A recent attack by Rasputin targeted over 60 government and educational institutions, and the solution to such attacks is to change the penalties and incentives related to resolving SQLi issues, according to a recent Recorded Future analysis.

Recorded Future
Recorded Future

Recorded Future is a threat intelligence company that uses machine learning to reduce online security risks. The company worked with law enforcement in December 2016 to assess the database attack on the United States Election Assistance Commission (EAC) and the eventual sale of information. It’s Recorded Future who gave the actor the name Rasputin, and according to its analysis, Rasputin used SQLi technology to hack into the EAC’s database.

SQLi attacks nothing new, having been around for more than 15 years. Malicious agents don’t need special skills or knowledge to conduct SQLi attacks, given that a number of tools are freely available that automate finding and attacking vulnerable database servers. The tools literally make conducting SQLi attacks a “point and click” affair.

Recorded Future
Recorded Future

Rasputin is a bit more sophisticated, as Recorded Future reports, having created his own proprietary SQLi tool. The reason for investing the time in creating such a tool and carrying out such attacks is purely financial — there’s a significant market for information that can generate real money for cybercriminals.

Recorded Future concludes that a number of steps need to be taking to respond to SQLi attacks and reduce their prevalence and impact. First is to raise awareness among developers, but that’s not enough. Rather, penalties and incentives need to be created to make it worthwhile to maintain database and web form security. Until the issues are addressed, however, agents like Rasputin will have their own incentives to hack into our data, often with serious repercussions.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Apple has a chance to fix Mac gaming for good in 2024
Lies of P being played on an iMac.

Looking back, 2023 was a banner year for Mac gaming. As a gamer, it feels really surreal to say that, given how disappointing the past has been. But it’s true -- and for the first time in a long time, the sun is shining on Mac gamers.

We’ve had the M3 series of chips with hardware ray tracing, mesh shading, and improved GPUs. On the software side, Apple has built-in tools like Game Mode and a game porting toolkit into macOS. And some massive games have come to the Mac, including Baldur’s Gate 3 and Lies of P.

Read more
The 10 best laptop deals in Best Buy’s 3-Day Sale — from $120
A bird's eye view of a person working on a laptop.

If you missed out on the Black Friday and Cyber Monday sales from a couple of weeks ago, don't worry. Best Buy is having a massive sale that includes many laptops for you to pick from. That includes everything from Chromebooks to gaming laptops and everything in between. That said, there are a lot of choices to pick from, so we've selected our favorite deals below to make it a little bit easier for you and to give you a solid starting point. That said, check out the full Best Buy sale using the button below to see everything available.

Our Favorite Laptop Deal in Best Buy's 3-Day Sale

Read more
The 3 best MacBook deals in Best Buy’s 3-day sale — from $800
An Apple MacBook laptop on a tabletop. There is a potted plant and an AirPods case next to it.

MacBooks can get quite expensive, which is why it's always a good idea to wait for a sale before springing for a new one, although those tend to be rare these days. That said, there are a couple of MacBook deals for you in Best Buy's 3-day sale, so if you've always wanted to pick one up, now is the time. That said, if you'd like to see some options outside of Apple's ecosystem, check out everything Best Buy has to offer using the link below.

Our Favorite MacBook Deal in Best Buy's 3-Day Sale

Read more