This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
A few weeks back, Alert Logic released their latest cloud security report. The report highlights the current rise in web application attacks. In short, it states: "Businesses with a large volume of online customer interactions are targeted for web application attacks in order to gain access to sensitive customer & financial data".
This 45% increase in attacks on web applications in 2014 also means that these types of occurrences represent at least 70% of all types of attack incidents on cloud-based web applications, where businesses typically store confidential data about their own business and customers.
What Is Driving This Increase in Web Application Attacks?
The growth and popularity of public cloud providers such as Rackspace and Amazon Web Services have seen all types of businesses shifting to more affordable and efficient cloud-based infrastructures. Hackers have also noticed this trend and have adapted their attack methodology accordingly. The biggest mistake many organizations make is to assume that securing cloud-based web applications, software and data is the responsibility of cloud providers.
Therefore, the biggest driver of these attacks and related threat vectors is the set of vulnerabilities in a business's customer-facing web applications, such as customer and online banking portals. What this means, in simple terms, is that the number of online interactions a business has with customers determines the attack vectors that an attacker will use against it.
As the current trend shows, and as web application attacks continue to grow in volume, business owners need to maintain their own risk management protocols and not rely solely on the security of the cloud service provider. For this reason, using web application vulnerability scanners like Netsparker Desktop and Netsparker Enterprise enables stakeholders to scan and identify potential security weaknesses in their applications, such as Cross-Site Scripting (XSS) and SQL Injection vulnerabilities.
As we saw in late October this year, the "Talk Talk" hack was achieved through an SQL Injection exploit that allowed the attacker to access the company's databases, which held names, addresses and financial information on thousands of customers.
What are the Top 10 Types of Attacks per Industry?
- Transportation: 77% Application Attack
- Real Estate: 55% Application Attack
- Advertising: 54% Application Attack
- Retail: 55% Application Attack
- Computing Services: 48% Application Attack
- Manufacturing: 46% Application Attack
- Mining: 70% Trojan
- Healthcare: 39% Brute Force
- Accounting/Management: 37% Brute Force
- Financial Services: 33% Brute Force
Moving Forward - Ensure the Security of Your Web Applications
2015 already saw a number of high-profile breaches that included a major Hollywood studio, the biggest online dating site, and a telecommunications company, to mention just a few. According to Alert Logic, more than 85 million records were lost via data breaches, both from internal and external attackers.
The only 'silver lining' to these high-profile security breaches is that they highlight just how important it is for business owners to take all appropriate action to ensure their websites and web applications are secure. Download the Alert Logic Cloud Security Report for more detailed information and statistics.