Latest Report Points to a 45% Increase in Web Application Attacks

The Enterprise Security Report 2015 released by Alert Logic highlights a 45% increase in attacks on cloud-based web applications. Read this post for more information and statistics.

A few weeks back, Alert Logic released their latest cloud security report. The report highlights the current rise in web application attacks. In short, it states: "Businesses with a large volume of online customer interactions are targeted for web application attacks in order to gain access to sensitive customer & financial data".

This 45% increase in attacks on web applications in 2014 also means that these types of occurrences represent at least 70% of all types of attack incidents on cloud-based web applications, where businesses typically store confidential data about their own business and customers.

What Is Driving This Increase in Web Application Attacks?

The growth and popularity of public cloud providers such as Rackspace and Amazon Web Services have seen all types of businesses shifting to more affordable and efficient cloud-based infrastructures. Hackers have also noticed this trend and have adapted their attack methodology accordingly. The biggest mistake many organizations make is to assume that securing cloud-based web applications, software and data is the responsibility of cloud providers.

Therefore, the biggest driver of these attacks and related threat vectors is the vulnerabilities in a business's customer-facing web applications, such as customer and online banking portals. What this means, in simple terms, is that the number of online interactions a business has with customers determines the attack vectors that an attacker will use against it.

As the current trend shows, and as web application attacks continue to grow in volume, business owners need to maintain their own risk management protocols and not rely solely on the security of the cloud service provider. For this reason, using web application vulnerability scanners like Netsparker Desktop and Netsparker Enterprise enables stakeholders to scan and identify potential security weaknesses in their applications, such as Cross-Site Scripting (XSS) and SQL Injection vulnerabilities.

As we saw in late October this year, the "TalkTalk" hack was achieved through an SQL Injection exploit that allowed the attacker to access databases that held names, addresses and financial information on thousands of customers.

What are the Top 10 Types of Attacks per Industry?

  • Transportation: 77% Application Attack
  • Real Estate: 55% Application Attack
  • Advertising: 54% Application Attack
  • Retail: 55% Application Attack
  • Computing Services: 48% Application Attack
  • Manufacturing: 46% Application Attack
  • Mining: 70% Trojan
  • Healthcare: 39% Brute Force
  • Accounting/Management: 37% Brute Force
  • Financial Services: 33% Brute Force

Moving Forward - Ensure the Security of Your Web Applications

2015 already saw a number of high-profile breaches that included a major Hollywood studio, the biggest online dating site, and a telecommunications company, to mention just a few. According to Alert Logic, more than 85 million records were lost via data breaches, both from internal and external attackers.

The only 'silver lining' to these high-profile security breaches is that they highlight just how important it is for business owners to take all appropriate action to ensure their websites and web applications are secure. Download the Alert Logic Cloud Security Report for more detailed information and statistics.

About the Author

Ferruh Mavituna - Founder, Strategic Advisor

Ferruh Mavituna is the founder and CEO of Invicti Security, a world leader in web application vulnerability scanning. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Netsparker and Acunetix.