Following the news that a developer has discovered a way to use Google Web crawlers to perform SQL injection attacks on other people’s sites, Amichai Shulman, CTO of Imperva, explains why hackers target search engines:
“Google has been part of the hacking landscape for many years now. From the attacker’s perspective, there are a number of motivating factors for using search engines for this purpose:
· Achieving a high degree of anonymity: immediate tracks lead to the search engine rather than the attacker; detecting the actual source of the attack could require a very sophisticated degree of backtracking and correlation on the part of the search engine operator.
· Providing deeper penetration into target applications. It seems that some applications allow the search engine agents more access than provided for anonymous visitors.
· Improving attack efficiency. This is motivated by the abundance of networking and computing resources available for search engine agents and by the reluctance of security tools to block access of search engines.
“No HTTP traffic should go into an application without being scrutinized for attacks. While you can whitelist some IP addresses with respect to rules about automatic access and such, you should always inspect traffic for attacks such as SQL injection.”
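The policy recommended in the closing quote can be sketched as follows. This is an added example, not code from Imperva or from the original page. The function names, address ranges, rate limit and the small signature set are all constructed for illustration. The `inspect_allowlisted=False` switch reproduces the weak policy, where an allowlisted crawler address skips inspection entirely.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Constructed allowlist: a documentation range standing in for a crawler network.
CRAWLER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
RATE_LIMIT = 3  # assumed: requests per window for clients not on the allowlist

# Deliberately small signature set for illustration; a production WAF uses far more.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"(?i)'\s*(or|and)\s+'?\d+'?\s*=\s*'?\d+"),
    re.compile(r"(?i);\s*(drop|insert|update|delete)\b"),
]


def is_allowlisted(ip):
    """True when the source address falls inside an allowlisted crawler network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CRAWLER_NETS)


def looks_like_sqli(query_string):
    """Match the URL-decoded query string against the sample signatures."""
    decoded = unquote_plus(query_string)
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def decide(ip, query_string, seen_in_window, inspect_allowlisted=True):
    """Return 'allow', 'block:sqli' or 'block:rate' for one request.

    The allowlist exempts a client from the automation (rate) rule only.
    Attack inspection applies to every request unless inspect_allowlisted
    is False, which models the weak configuration.
    """
    trusted = is_allowlisted(ip)
    if (inspect_allowlisted or not trusted) and looks_like_sqli(query_string):
        return "block:sqli"
    if not trusted and seen_in_window >= RATE_LIMIT:
        return "block:rate"
    return "allow"
```

With the default setting, an allowlisted crawler can exceed the rate limit on ordinary requests, but a request carrying an injection string is blocked regardless of its source address.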