Automation Placing Web Applications Under Steady Stream of Attack

Data security firm Imperva today released the results of a study which revealed that web applications are probed or attacked about 27 times per hour, or about once every two minutes.

As a part of the company’s ongoing Hacker Intelligence Initiative, Imperva monitored and categorized more than 10 million individual attacks across the internet, including attacks witnessed via onion router (TOR) traffic as well as attacks targeting 30 different enterprise and government web applications.

The Imperva 2011 Web Application Attack Report (WAAR) offers insight into malicious web application attack traffic from December 2010 through May 2011, and outlines the frequency, type and geography of origin of each attack.

On average, Imperva saw that companies experienced twenty-seven attacks per hour, and when websites came under automated attack they received up to 25,000 attacks per hour, or 7 attacks every second. By comparison, the United States Department of Defense, with more than 7 million systems, says its systems are “probed” by unauthorized users 250,000 times every hour, according to a statement from General Keith Alexander last year.

While it’s important to realize that traffic like this typically comes with malicious intent, these numbers don’t mean each event is a direct attack on a specific target. Think of them more as reconnaissance—or hackers using tools to search around for potential targets and identify which can be exploited. In the physical world, I like to compare it to the likes of a drone searching for potential targets—but wouldn’t consider it an actual ‘attack’ until a missile is fired.

That being said, many attacks CAN be automated, with botnets constantly scanning and probing the Internet, seeking to exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, and distribute malware.

“Most security research focuses on vulnerabilities, and while this insight is extremely valuable, it doesn’t always help businesses prioritize their security efforts,” said Amichai Shulman, lead researcher and Imperva CTO. “Take a look at the OWASP Top 10, for example, RFI and Directory Traversal were not identified as top vulnerabilities, yet our research shows that these are two of the most common attacks used by hackers to steal data. It’s impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited.”

Automated Web Site Attack Types

According to the report, the four most prevalent Web application attacks include directory traversal (37 percent), cross site scripting (36 percent), SQL injection (23 percent) and remote file include (four percent). These attacks were often used in combination to scan for vulnerabilities and subsequently exploit found vulnerabilities.

While 61 percent of the attacks originated from bots in the United States, it was unclear from where they were controlled. Attacks from China made up almost 10 percent of attack traffic, followed by attacks originating in Sweden and France. Geography, however, is a less than reliable indicator; filtering attacks by reputation is more reliable.

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” said Shulman. “The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.”

“Advances in evasion are also significant. Our data shows that it is increasingly difficult to trace attacks to specific entities or organizations,” continued Shulman. “This complicates any effort to retaliate, shut down cybercriminal gangs or identify potential acts of war.”

The results of this study echo much of what was identified in the Verizon 2011 Data Breach Investigations Report, which showed that large-scale breaches dropped dramatically while small attacks increased, likely due to the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favor highly automated, repeatable attacks against these more vulnerable targets.

The full Imperva 2011 Web Application Attack Report can be downloaded here. (Direct PDF Download)

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
