By Randy Reiter, CEO, Don’t Be Breached and Sql Power Tools
How do Hackers gain access to Wordpress confidential database data?
Wordpress runs 34% of the Internet. The New York Times, USA Today, CNN, Mashable, eBay, Spotify, TechCrunch, CBS Local, NBC, and much more use WordPress. One of the things that makes Wordpress so powerful is the abundance of themes and plugins that assist in building a first-class web site.
Over 50,000+ WordPress plugins are available from 3rd party organizations. A plugin is a software containing functions that can be added to a WordPress website. They can extend functionality or add new features to WordPress websites.
The popularity of WordPress makes it a prime target for Hackers. Annually thousands of WordPress sites get hacked (i.e. data breaches occur). Hackers are after the confidential data stored in the databases that run WordPress web sites. Confidential database data includes names, addresses, payment information and much more.
Zero-Day Attacks and not current WordPress or plugins allow Hackers to perform a data breach and steal confidential database data. A Zero-Day Attack is a time between when a security vulnerability in a software plugin is published by the author and the updated plugin is applied to a web site to prevent a data breach. Hackers will be aware of the Zero Day vulnerability once it has been publicly announced. Hackers will now attempt to exploit it immediately to gain inside access to the Security Perimeter and steal confidential web site database data.
Other content management system (CMS) such as Joomia and Drupal web sites are also vulnerable to data breaches by Hackers or Rogue Insiders for the same reasons. The 51.3% of Internet websites that don’t use a content management system likewise are vulnerable to database data breaches for many of the same reasons.
How to Protect Confidential Web Site Database Data from Hackers or Rogue Insiders?
Confidential web site database data includes credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security, and public utility data. This data is almost always stored in Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server, and Sybase databases. Once inside the security perimeter commonly installed database utilities can be used by Hackers or Rogue Insiders to steal confidential database data.
Non-intrusive network sniffing can capture the normal database query or SQL activity from a network tap or proxy server with no impact upon the database server. This SQL activity is quite predictable. Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or SQL operations that run millions of times a day.
Advanced SQL Behavioral Analysis of the Web Site Database Query or SQL Activity
Advanced SQL Behavioral Analysis of the web site SQL activity learns what the normal query activity is. Now from a network tap or proxy server the database query and SQL activity can be non-intrusively monitored in real-time and non-normal SQL activity immediately identified. Non-normal SQL activity from a Hackers or Rogue Insiders can be detected in a few milli seconds. The Hacker database session can be immediately terminated and the Security Team notified so that confidential database data is not stolen.
Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum amount of data queried plus the IP addresses all queries were submitted from for each of the unique SQL queries sent to a database. This type of data protection can detect never before observed query activity, queries sent from a never observed IP address and queries sending more data to an IP address than the query has ever sent before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential web site database data. Once detected the security team can be notified within a few seconds so that a data breach is prevented.
About the Author
Randy Reiter is the CEO of SQL Power Tools. He is the architect of the Database Cyber Security Guard product, a database data breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, and Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at firstname.lastname@example.org, www.DontBeBreached.com, and www.Sqlpower.com/Cyber-Attacks.