Last year was the year of the SQL injection attack, according to IBM's Internet Security Systems X-Force 2008 Trend Statistics report.
"SQL injection, in particular, took off in 2008," says X-Force researcher Tom Cross, noting that the annual trend report concludes that 55 percent of all vulnerability disclosures made by vendors affected web applications, a number that does not include custom-developed web applications.
Of those vulnerability disclosures, SQL injection-related vulnerabilities jumped 134 percent to replace cross-site scripting as the predominant type of web application vulnerability last year.
So it comes as no surprise that attacks against websites vulnerable to SQL injection rose from an average of a few thousand per day at the beginning of 2008 to several hundred thousands per day by year end, said the IBM report.
In fact, news reports of 2008 did chronicle the occurrences of massive SQL-injection attacks that spanned the globe, sometimes causing huge disruption to organisations that had not patched applications or deployed defensive measures such as web-application firewalls.
The IBM security-trends report also identifies other notable events in 2008, including the shutdown on 11 November of the web hoster McColo by two upstream ISPs, Hurricane Electric and Global Crossing.
McColo had been a major source of spam production in the US, and its "takedown," as IBM refers to it, was an event that had an impact in terms of spam volumes.
Just days before the McColo takedown, the United States had been ranked the No. 1 spot worldwide at 14.2 percent of spam production, followed by Russia, Turkey, Spain and Brazil. But after the McColo takedown, the United States immediately dropped to third place at 8 percent, with China suddenly surging to top place at 12.7 percent, the IBM report says.
But in the mercurial world of spam production, things can change quickly and Brazil ended up as the top spam generation spot by year-end with 11.7 percent of global production. The United States stood at 8.1 percent, followed by China at 6.6 percent, Turkey at 5.7 percent and Russia at 5.7 percent. "Looks like Brazil is now taking the lead as a source of spam," Cross said.