It isn’t often that organizations admit they’re the victim of malware. So it comes as no surprise that the province of Nova Scotia has now publicly acknowledged that a month ago its lobbyist registry was knocked out by a SQL injection virus and won’t be back online until next week.
Created in 2002, the registry is part of Access Nova Scotia, a collection of online services for the public and businesses. Persons who lobby the government on issues have to list their names in the registry database, which can be searched by the public.
Not only is the database closed, but also the links to Web pages that explain the registry.
In an email to ComputerWorld Canada, Susan Mader Zinck, communications advisor to Service Nova Scotia, said the registry has 84 names. The department notified everyone who has an account about technical difficulties, she said, and the Web site had information for the public on how to contact the office for information.
She wouldn’t give details of how the virus was able to attack the site. The province uses technical measures to prevent attacks, she wrote, “but occaisionally viruses can slip through between updates.”
To protect against future attacks the IT department has added code to format the Web site’s SQL statements in such a way they are not vulnerable, she added. The department is also reviewing other sites to ensure there hasn’t been a breach.
Next-generation IPS and firewall
Next-generation enterprise firewalls (NGFW) include intrusion prevention system (IPS) technology that enables them to spot and block cyber attacks. But they do not replace IPS solutions—you need both. This HP business white paper shows how NGFW and next-generation IPS (NGIPS) are complementary security solutions that work together to secure your network.