Skip to main content

Russian cybercriminal hacked more than 60 government, education agencies

exploit
Image used with permission by copyright holder
Studies have shown that millions of internet-connected machines are vulnerable to cyberattack based on a variety of configuration and other issues. One vulnerability that cybercriminals can use to relatively easily attack systems is called “SQL injection,” meaning that a database server that doesn’t carefully check the data submitted on web forms, for example, can be compromised.

One SQL injection, or SQLi, threat is known as “Rasputin,” referring to a Russian-speaking cybercriminal who has been linked to a number of attacks against various government and private agencies. A recent attack by Rasputin targeted over 60 government and educational institutions, and the solution to such attacks is to change the penalties and incentives related to resolving SQLi issues, according to a recent Recorded Future analysis.

Recorded Future
Recorded Future
Recommended Videos

Recorded Future is a threat intelligence company that uses machine learning to reduce online security risks. The company worked with law enforcement in December 2016 to assess the database attack on the United States Election Assistance Commission (EAC) and the eventual sale of information. It’s Recorded Future who gave the actor the name Rasputin, and according to its analysis, Rasputin used SQLi technology to hack into the EAC’s database.

SQLi attacks nothing new, having been around for more than 15 years. Malicious agents don’t need special skills or knowledge to conduct SQLi attacks, given that a number of tools are freely available that automate finding and attacking vulnerable database servers. The tools literally make conducting SQLi attacks a “point and click” affair.

Recorded Future
Recorded Future

Rasputin is a bit more sophisticated, as Recorded Future reports, having created his own proprietary SQLi tool. The reason for investing the time in creating such a tool and carrying out such attacks is purely financial — there’s a significant market for information that can generate real money for cybercriminals.

Recorded Future concludes that a number of steps need to be taking to respond to SQLi attacks and reduce their prevalence and impact. First is to raise awareness among developers, but that’s not enough. Rather, penalties and incentives need to be created to make it worthwhile to maintain database and web form security. Until the issues are addressed, however, agents like Rasputin will have their own incentives to hack into our data, often with serious repercussions.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
This Alienware gaming PC with RTX 4090 is almost $1,000 off
Alienware Aurora R16 sitting on a coffee table.

Is your current gaming PC on its last legs? If you need an upgrade, check out Dell's offer for the Alienware Aurora R16 gaming desktop with the Nvidia GeForce RTX 4090 graphics card. From its original price of $4,695, the machine is down to $3,700. It's still pretty expensive, but you won't always get the chance to buy such a powerful gaming PC with a nearly $1,000 discount. However, if you want to pocket the savings of $995, you're going to have to be quick with your purchase as there's no telling when this bargain expires.

Why you should buy the Alienware Aurora R16 gaming desktop
The Alienware Aurora R16, which received a rating of four out of five stars in our review, sits on top of our list of the best gaming PCs. Compared to the Alienware Aurora R15, this latest version of the gaming desktop is around half the size without compromising power or thermals, with upgraded internals for even better performance. In addition to the Nvidia GeForce RTX 4090 graphics card, this configuration of the Alienware Aurora R16 features the 14th-generation Intel Core i9 processor and 64GB of RAM, which our guide on how to buy a gaming desktop says would be useful for those who will use their machine for other purposes beyond gaming, such as editing videos.

Read more
Apple is surveying its own employees about smart glasses idea
Apple Fifth Avenue Store Apple Logo

Apple is asking its employees how they feel about smart glasses as the tech giant considers entering the fledgling market, according to the latest report from the prominent Apple tipster Mark Gurman.

Citing people with knowledge of the matter, Gurman said on Monday that Apple has started gathering feedback from employees in focus groups organized by the company’s Product Systems Quality team, which is part of Apple's hardware engineering division.

Read more
The humble bumblebee just messed things up for Meta
A close-up of a bee.

The humble bumblebee has played a part in obstructing an ambitious construction project by Meta, according to a Financial Times (FT) report.

The Mark Zuckerberg-led tech giant has apparently had to abandon a plan to build a nuclear-powered AI data center partly because a rare bee species has been found on the land where the facility would have been built.

Read more