Automation Placing Web Applications Under Steady Stream of Attack

Data security firm Imperva today released the results of a study revealing that web applications are probed or attacked about 27 times per hour, or about once every two minutes.

As a part of the company’s ongoing Hacker Intelligence Initiative, Imperva monitored and categorized more than 10 million individual attacks across the internet, including attacks witnessed via onion router (TOR) traffic as well as attacks targeting 30 different enterprise and government web applications.

The Imperva 2011 Web Application Attack Report (WAAR) offers insight into malicious web application attack traffic from December 2010 through May 2011, and outlines the frequency, type and geography of origin of each attack.

On average, Imperva saw that companies experienced twenty-seven attacks per hour, and when websites came under automated attack they received up to 25,000 attacks per hour, or 7 attacks every second. By comparison, the United States Department of Defense, with more than 7 million systems, says its systems are “probed” by unauthorized users 250,000 times every hour, according to a statement from General Keith Alexander last year.

While it’s important to realize that traffic like this typically has malicious intent, these numbers don’t mean each event is a direct attack on a specific target. Think of them more as reconnaissance, with hackers using tools to search for potential targets and identify which can be exploited. In the physical world, I like to compare it to the likes of a drone searching for potential targets, which I wouldn’t consider an actual ‘attack’ until a missile is fired.

That being said, many attacks CAN be automated, with botnets constantly scanning and probing the Internet, seeking to exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, and distribute malware.

“Most security research focuses on vulnerabilities, and while this insight is extremely valuable, it doesn’t always help businesses prioritize their security efforts,” said Amichai Shulman, lead researcher and Imperva CTO. “Take a look at the OWASP Top 10, for example, RFI and Directory Traversal were not identified as top vulnerabilities, yet our research shows that these are two of the most common attacks used by hackers to steal data. It’s impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited.”

Automated Web Site Attack Types

According to the report, the four most prevalent Web application attacks include directory traversal (37 percent), cross site scripting (36 percent), SQL injection (23 percent) and remote file include (four percent). These attacks were often used in combination to scan for vulnerabilities and subsequently exploit found vulnerabilities.

While 61 percent of the attacks originated from bots in the United States, it was unclear from where they were controlled. Attacks from China made up almost 10 percent of attack traffic, followed by attacks originating in Sweden and France. Geography, however, is a less than reliable basis for filtering attacks; filtering by reputation is more reliable.

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” said Shulman. “The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.”

“Advances in evasion are also significant. Our data shows that it is increasingly difficult to trace attacks to specific entities or organizations,” continued Shulman. “This complicates any effort to retaliate, shut down cybercriminal gangs or identify potential acts of war.”

The results of this study echo much of what was identified in the Verizon 2011 Data Breach Investigations Report, which showed that large-scale breaches dropped dramatically while small attacks increased, likely due to the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets.

The full Imperva 2011 Web Application Attack Report can be downloaded here. (Direct PDF Download)

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
