Server Takeover Attacks Dominated the Month of August: Incapsula

According to security vendor Incapsula, August was a busy month for Web Application attacks. The company’s latest “attack heat map report” shows some interesting snapshots of the Web, including an overall attack level in Denmark of 0.74 percent, which was launched from a single source.

The attacks in August represent Remote File Inclusion and Local File Inclusion attacks, where an attacker can upload files or call files on an insecure server; directory traversal, which gives an attacker the ability to navigate outside of the normal server paths; and targeted attacks against vulnerable software or other applications such as WordPress or something similar.

According to data taken from 200 million sessions captured by its monitoring network, Incapsula says that 73 percent of all the attacks were classified as takeovers. After that, 11 percent represented Data Theft (SQL Injection), 16 percent were linked to Credential Theft (Cross-Site Scripting), and lastly vulnerability scanning.

Location-wise, the U.S., followed by China and Russia, generated the highest volume of attack traffic. Target-wise, the U.K. was the top target, followed by Denmark and the U.S.

The image below has the full breakdown, with a description of the attack types used included below.

[Image: Website Attack Heatmap]

Attack Types

Server Takeover: Includes Remote File Inclusion, Local File Inclusion, Directory Traversal and specific known web application or web server vulnerabilities. These security risks are the most widespread because they are effective and, moreover, very easy to automate. These attacks are mainly used for web server takeover. By taking over the web server, a hacker can plant malicious code in the site’s code, deface the site or even use the web server as a bot for attacking other sites.

Data Theft: Attacks that target the databases used in most common web applications. This weakness arises when a web application does not properly sanitize user input and allows the attacker to affect the SQL statements that are executed by the database. This attack is mostly used for stealing sensitive data, bypassing authentication or even causing a Denial of Service.

Credentials Theft: Cross-Site Scripting, XSS for short, is a method in which a hacker uses a weakness in the web application to execute malicious code in the user’s browser. This attack can be used to steal user credentials, alter the site’s appearance or even redirect the user to sites that are hosting malware.

Vulnerability Scanning: Vulnerability scanners are tools which scan web applications to find security vulnerabilities. Some of them are commercial tools (such as Nessus, Qualys, Acunetix and WhiteHat Security) used by website owners to self-check their websites for security breaches, and some are self-developed by hackers, who use them to find security vulnerabilities on websites and then exploit these vulnerabilities for targeted attacks.
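The four categories above can be applied to a site's own access logs for triage. The following Python sketch is an added example, not code from Incapsula or SecurityWeek: it buckets combined-format log lines into the report's categories and computes each category's share of flagged requests. The regex signatures, the function names and the sample log lines are illustrative assumptions; matching scanner names in the User-Agent only catches tools that identify themselves.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Heuristic signatures (assumptions for illustration, not Incapsula's rules).
PAYLOAD_RULES = [
    ("Server Takeover",    # RFI / LFI / directory traversal
     re.compile(r"\.\./|\.\.\\|=(?:https?|ftp)://|/etc/passwd", re.I)),
    ("Data Theft",         # SQL injection
     re.compile(r"\bunion\s+(?:all\s+)?select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("Credentials Theft",  # cross-site scripting
     re.compile(r"<\s*script|javascript:|\bon(?:error|load)\s*=", re.I)),
]
# Scanner names come from the article; matching them in the User-Agent is an assumption.
SCANNER_UA = re.compile(r"nessus|qualys|acunetix|whitehat", re.I)
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def classify(line):
    """Return the report category for one combined-format access log line."""
    m = LOG_LINE.search(line)
    if not m:
        return "Unparsed"
    uri = unquote_plus(unquote_plus(m["uri"]))  # decode twice to catch double encoding
    for category, pattern in PAYLOAD_RULES:
        if pattern.search(uri):
            return category
    if SCANNER_UA.search(m["ua"]):
        return "Vulnerability Scanning"
    return "Benign"

def attack_breakdown(lines):
    """Percentage share of each attack category among flagged requests."""
    counts = Counter(c for c in map(classify, lines) if c not in ("Benign", "Unparsed"))
    total = sum(counts.values())
    return {c: round(100 * n / total, 1) for c, n in counts.items()} if total else {}

def _line(uri, ua="Mozilla/5.0"):
    # Constructed log line: documentation IP range, invented paths.
    return f'203.0.113.5 - - [12/Aug/2012:10:00:01 +0000] "GET {uri} HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE = [
    _line("/index.php?page=../../../etc/passwd"),               # traversal / LFI
    _line("/download?file=..%252f..%252fconfig.php"),           # double-encoded traversal
    _line("/index.php?page=http://example.invalid/inc.txt"),    # remote include
    _line("/item.php?id=1%20UNION%20SELECT%20name%20FROM%20users"),
    _line("/search?q=%3Cscript%3Ealert(1)%3C/script%3E"),
    _line("/robots.txt", ua="Mozilla/5.0 (compatible; Nessus)"),
    _line("/about.html"),
]

if __name__ == "__main__":
    print(attack_breakdown(SAMPLE))
```

These signatures produce false positives (for example, a legitimate redirect parameter that carries a URL), so a match is a lead for review rather than a verdict.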
