As recently announced by the firm, Panama-based Mossack Fonseca joins the ever-growing list of global organizations who have fallen victim to public exposure of company data. OWL Cybersecurity’s investigation shows this data leak is in all likelihood due to external hacking activity.
Researchers continue to analyze the situation, and new vulnerabilities have come to light. One vulnerability which likely contributed to the exposure of the firm’s data is SQL injection. In SQL injection, an attacker runs malicious commands through input fields, or forms, on a website. These commands allow the attacker to gain access to information contained within a database. Mossack Fonseca's webmail site appears to have been vulnerable to SQL injection attacks, which may have allowed access to their internal data.
Countless companies utilize webmail for email access on the go. In order to safeguard against attacks of this nature, DarkOwl Cybersecurity recommends you work with web developer(s) to ensure secure implementation (input sanitization) of all web-based forms in use at your organization.