According to the threat intelligence firm Recorded Future, a Russian-speaking black hat hacker, known as ‘Rasputin‘, hacked systems of more than 60 universities and U.S. Government agencies.
We met Rasputin in December 2016, when he was offering for sale stolen login credentials for a U.S. agency that tests and certifies voting equipment, the U.S. Election Assistance Commission (EAC). Rasputin typically exploits SQL injection flaws to gain access to sensitive information, which he then offers for sale on cybercrime black markets.
Recorded Future has been following Rasputin since 2015. According to the security firm, he may also have tried to sell details about the SQL injection to a broker working on behalf of a Middle Eastern government.
Based on Rasputin’s historical criminal forum activity, the experts rule out the possibility that he is sponsored by a foreign government.
Researchers at Recorded Future identified many of Rasputin’s victims, including ten universities in the United Kingdom, over two dozen universities in the United States, and many US government agencies.
The government agencies breached by the hacker include local, state and federal organizations. The list of victims includes the Postal Regulatory Commission, the Health Resources and Services Administration, the Department of Housing and Urban Development, and the National Oceanic and Atmospheric Administration.
There are plenty of free tools that can be used to find and exploit SQL injection vulnerabilities, including Havij, Ashiyane SQL Scanner, SQL Exploiter Pro, SQLI Hunter, SQL Inject Me, SQLmap and SQLSentinel. Rasputin, however, does not rely on these free SQL injection scanners; he has been using a SQL injection tool that he developed himself.
“Financial profits motivate actors like Rasputin, who have technical skills to create their own tools to outperform the competition in both identifying and exploiting vulnerable databases.” reads the analysis published by Recorded Future.
Experts from Recorded Future highlighted that, while the level of awareness of SQL injection vulnerabilities is high, organizations still lack basic secure coding practices.
Recorded Future pointed out that addressing these types of flaws can often be costly; for this reason, companies tend to postpone remediation until the budget is available, and sometimes it is too late.
“SQLi vulnerabilities are simple to prevent through coding best practices. Over 15 years of high-profile data breaches have done little to prevent poorly programmed web applications and/or third-party software from being used by government, enterprises, and academia.” continues the analysis. “Some of the most publicized data breaches were the result of SQLi including large corporations like Heartland Payment Systems, HBGary Federal, Yahoo!, Linkedin, etc.”
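As an added illustration of the coding best practice the analysis refers to (example code written for this page, not code from the article or from Recorded Future), the following Python snippet contrasts a query built by string concatenation with a parameterized one against a constructed in-memory SQLite table, so the difference in behaviour on hostile input can be observed directly:

```python
import sqlite3


def setup_db():
    # Constructed sample data for the demonstration (not from the article).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.edu"), ("bob", "bob@example.gov")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Anti-pattern: the caller-supplied value becomes part of the SQL text,
    # so quote characters in the input change the meaning of the statement.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Best practice: a parameterized query. The driver binds the value
    # separately from the statement, so the input is only ever data.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    # Returns row counts for a benign and a tautology-style input
    # under both lookup functions.
    conn = setup_db()
    benign = "alice"
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),
        "safe_benign": len(lookup_safe(conn, benign)),
        "safe_hostile": len(lookup_safe(conn, hostile)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the hostile input, while the parameterized query returns none, because no user named `x' OR '1'='1` exists.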
(Security Affairs – Rasputin, hacking)