Cloud Security

Web Application Attacks Challenge Both Cloud, On-Premise Environments

Web application attacks are posing a significant threat to both service provider and on-premise environments, according to a new report on cloud security by Alert Logic.

Brian Prince

March 26, 2013

Web application attacks are posing a significant threat to both service provider and on-premise environments, according to a new report on cloud security by Alert Logic.

In its latest ‘State of Cloud Security Report‘, Alert Logic that Web application and brute force attacks were the most common security incidents affecting both on-premise and service provider environments. According to the report, which was conducted during a six-month period, 48 percent of the customers whose data was analyzed for the study were impacted by verifiable Web application attacks. Web application attacks affected roughly half (52 percent) of the cloud hosting provider environments, while 39 percent of enterprise environments experienced such attacks.

The frequency of attacks hitting enterprise data centers was higher than cloud hosting provider environments, the study found, with the frequency of reconnaissance attacks being nearly 10 times higher in enterprise environments than in the cloud. In the case of malware and botnet attacks, data center environments were targeted nearly three times more frequently than cloud environments.

Different IT environments face different threats. Attacks in enterprise data centers tend to be more sophisticated and targeted, versus cloud hosting provider environments, which experience more opportunistic threat activity. Nearly half (49 percent) of enterprise environments in the study experienced verified malware/botnet activity, compared to just five percent of cloud hosting provider environments.

Cloud hosting provider environments typically face a smaller variation in terms of the types of threats. According to the report, customers using enterprise data center environments experienced an average of 2.5 types of incidents, while those using cloud hosting provider environments experienced an average of 1.8 incident types.

“The data confirms what we suspected. Web application attacks continue to be a serious threat across all environments,” said Stephen Coty, director of security research with Alert Logic, in a statement. “These types of threats are easily launched through automated tools and should be a top concern for any organization that is serious about security.”

Written By Brian Prince

Marketing professional with a background in journalism and a focus on IT security.

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Eduard KovacsSeptember 24, 2019

CISO Conversations

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Kevin TownsendAugust 15, 2023

Cloud Security

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Ryan NaraineJuly 21, 2023

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Ryan NaraineNovember 3, 2023

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Ryan NaraineDecember 13, 2022

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Ryan NaraineDecember 12, 2022

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Ionut ArghireJanuary 19, 2023

Cloud Security

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.

Ryan NaraineOctober 25, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Cloud Security

Web Application Attacks Challenge Both Cloud, On-Premise Environments

More from Brian Prince

Latest News

Trending

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

CISO Conversations

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

Cloud Security

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

Cloud Security

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products

SECURITYWEEK NETWORK:

ICS:

More from Brian Prince

Latest News

Trending

Daily Briefing Newsletter

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Application Security

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

CISO Conversations

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

Cloud Security

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

Cloud Security

VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products