Automation Fuels Onslaught of Web App Attacks: Report

Attacks designed to compromise users and steal sensitive data are increasing in magnitude and velocity as cybercriminals leverage automated tools, Imperva’s annual Web Application Attack Report (WAAR) reveals.

While automated attacks are by no means a new tactic for cybercriminals, according to the recently released report (PDF), Imperva has seen an increase in the number of SQL injection (SQLi) and cross-site scripting (XSS) attacks, as well as an increase in attacks targeting healthcare applications. On the positive side, the number of attacks successfully identified and blocked also increased, the report said.

Imperva noted that all of the applications analyzed in the report were attacked, and over 75 percent were targeted by all of the eight attack types the company has identified. The eight attack types include: SQLi, remote file inclusion (RFI), remote code execution (RCE), directory traversal (DT), XSS, spam, file upload (FU), and HTTP reconnaissance.

Given the large number of identified and blocked attacks, the company assumes that hackers are using automation to launch more effective attacks against their targets.

The report also found that the number of specific malicious attacks increased compared to last year: SQL injection attacks were 3 times higher, while XSS attacks increased by a factor of 2.5. The security firm also observed that all of the analyzed applications suffered Shellshock attacks in very similar numbers, and that both the magnitude and frequency of attacks increased as soon as a vulnerability was made public.

Content management system (CMS) targets registered 3 times more attacks than non-CMS applications. WordPress was attacked 3.5 times more than non-CMS applications, and 7 times more for spam and RFI attacks. Health applications were 10 times more popular for XSS attacks than other applications.

The 2015 WAAR report analyzed approximately 300,000 attacks and over 22 million cyber alerts on 198 applications between January 1 and June 30 this year. The report showed that half of the applications registered over 20 SQLi attacks during the timeframe, experiencing an average of 72 malicious requests, with the highest attack magnitude peaking at 400,000 malicious requests.

“This year’s report illustrates that any and every web application may come under attack by cyber criminals, due in large part to the fact that hackers have industrialized – making broad attacks possible – the techniques used to gain access to valuable personally identifiable information. As a result, every web application is at risk,” Amichai Shulman, Co-Founder and Chief Technology Officer of Imperva, said.

In last year’s WAAR, Imperva revealed that WordPress was the most popular target for cybercriminals, as WordPress websites were attacked 24.1 percent more than sites running on all other CMS platforms combined.

“In the same way that automation has transformed traditional industries, automation is transforming the economy of cyber attackers, and rewriting the rules of enterprise risk in the process,” SecurityWeek columnist Wade Williamson wrote in a Sept. 2014 column.

“Automated attacks are cheap, tireless, and can target virtually any functionality that we expose to our end-users. Because of their reach, these attacks become both highly probable and enormous in scale. This makes understanding automated threats essential in order to understand IT and enterprise risk.”

Web technologies are inherently vulnerable to automation, and have given rise to a new breed of scripted attacks, Williamson said.

“In its simplest form, the problem boils down to the fact that web front-ends typically must remain exposed to the untrusted Internet, and the source code (web markup) is readily visible to anyone who wants to look. This combination is the ideal breeding ground for automation – an application that is both always accessible and comes with a blueprint showing how the application works. This is the combination that should be concerning to those who manage enterprise risk. Almost all of our applications are migrating to the web, and these applications are almost certain to be hit by automated attacks,” Williamson warned.

“Businesses must pay particular attention to directly protecting data and applications by using security measures like a web application firewall, ideally in conjunction with real-time reputation services,” Shulman said.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
