The Tech Herald

WebAppSec: Organizations face seven attacks per second at peak times

by Steve Ragan - Jul 25 2011, 11:00

New research by security firm Imperva, conducted over a six month period, shows that attackers are able to reach peaks as high as 7 attacks per second, or 25,000 per hour, as they target and exploit Web Application vulnerabilities.

On Monday, Imperva released data compiled from 10 million individual attacks, observed over a period of six months (December 2010 - May 2011), for their inaugural Web Application Attack Report (WAAR). The report, which is available here, focused on 30 different Web Applications and TOR traffic.

In addition, it highlights the need to focus on both sides of the Web Application Security (WebAppSec) equation - vulnerabilities and mitigation - instead of vulnerabilities alone. Moreover, the report drives home the reality that automated attacks against Web Applications are just as serious as targeted ones, as well as the fact that little things often cause the most harm to an organization’s data.

During the six month study, Imperva observed several spikes and lulls in the number of attacks. It was during these spikes that automated attacks reached their massive numbers, but even when the number of attacks was low, it remained consistent. In the majority of cases, the attacks were automated by botnets and tools commonly known to criminals.

“Most security research focuses on vulnerabilities, and while this insight is extremely valuable, it doesn’t always help businesses prioritize their security efforts. It’s impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited,” said Amichai Shulman, lead researcher and Imperva CTO.

Four types of attacks were the most common during the observation period, each of them referenced in the OWASP Top 10. However, organizations often prioritize security based on several factors, and vulnerability research is weighted by development cost, impact, and established issues.

Given that Cross-Site Scripting (XSS) and SQL Injection (SQLi) are the top threats often covered by the media, discussed in security meetings, and feared the most by organizations ruled by compliance, they get the most attention when it comes to development.

Yet, Imperva discovered that an often overlooked vulnerability, Directory Traversal, caused the most problems. In 37-percent of the attacks observed, criminals were targeting Directory Traversal issues. The number of attacks leveraging this vulnerability is increasing month over month, Imperva’s report noted.

Directory Traversal is covered briefly by the OWASP Top 10 under Insecure Configuration Management. The common factors in most attacks due to this issue are improperly hardened web servers and missing patches. Other issues that lead to this vulnerability include the use of default accounts and unrestricted roles, access, and permissions.

After Directory Traversal, XSS (36-percent), SQLi (23-percent) and Remote File Inclusion (RFI, four-percent) rounded out the observed attack vectors.

The report also singled out attack origins, noting that the majority of the attacks were launched by bots within the United States. The data showed that nearly 30-percent of all the attacks originated from the ten most active sources.
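As an added illustration of the two findings above (Directory Traversal as the most common vector, and attack traffic concentrated in a handful of sources), here is a small defender-side log scanner. It is example code written for this article, not part of Imperva's report; the access-log lines, addresses and paths are constructed samples.

```python
"""Flag directory-traversal attempts in web server access logs and
measure how concentrated the attacking sources are (added example)."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2011:03:14:07 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512
203.0.113.5 - - [10/Jan/2011:03:14:08 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512
198.51.100.9 - - [10/Jan/2011:03:14:09 +0000] "GET /images/logo.png HTTP/1.1" 200 4096
198.51.100.9 - - [10/Jan/2011:03:14:10 +0000] "GET /static/..%252F..%252Fwin.ini HTTP/1.1" 404 210
192.0.2.77 - - [10/Jan/2011:03:14:11 +0000] "GET /docs/..\\..\\boot.ini HTTP/1.1" 404 210
192.0.2.77 - - [10/Jan/2011:03:14:12 +0000] "GET /about.html HTTP/1.1" 200 1024
"""

# Source address and request path from a CLF line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')
# A ".." path segment followed by a slash or backslash separator.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')


def is_traversal(path: str) -> bool:
    """True if the request path contains a '..' segment after decoding.
    Decoding is repeated so double-encoded forms (%252F) are also caught."""
    decoded = path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return bool(TRAVERSAL_RE.search(decoded))


def scan(log_text: str) -> Counter:
    """Count traversal attempts per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group(2)):
            hits[m.group(1)] += 1
    return hits


def top_source_share(hits: Counter, n: int) -> float:
    """Fraction of detected attempts coming from the n busiest sources."""
    total = sum(hits.values())
    return sum(c for _, c in hits.most_common(n)) / total if total else 0.0


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    print(found, "top-1 share:", top_source_share(found, 1))
```

Run against a real access log, the per-source counts give a quick view of how much of the traversal traffic a small block list or rate limit would cover.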

“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” added Shulman.

“The way hackers have leveraged automation is one of the most significant innovations in criminal history. Advances in evasion are also significant. Our data shows that it is increasingly difficult to trace attacks to specific entities or organizations. This complicates any effort to retaliate, shut down cybercriminal gangs or identify potential acts of war.”
