SQL Injection and LFI Accounted for Over Three-Quarters of All Web Attacks

Datetime: 2016-08-23 00:14:55 | Topic: SQL Injection

In the first three months of the year, Akamai says that Web attacks grew by 26 percent, continuing a rising trend set by cyber-crime actors during the last year.

Threat groups didn't use a diverse arsenal for their attacks, and only focused on four major attack vectors during Q1 2015.

SQL injection attacks were the most popular, accounting for 42 percent of all detected attack vectors, followed by LFI (Local File Inclusion), which was seen in 36 percent of all attacks, Shellshock attacks with 10 percent, and XSS (Cross-Site Scripting) with 8 percent.

Akamai says that 30 percent of attacks on Web applications were carried out via HTTPS encrypted connections, showing that encryption only protects your data in transit, but doesn't protect the Web application's vulnerable endpoints.

Attribution via ASN numbers can be more accurate compared to IPs

Again, the main source and target for all these attacks was the US. Attribution for cyber-attacks, in general, is a tricky business, as even Akamai explains, but the company feels confident that by tracking ASNs instead of IPs, it could detect an attack's real origin, instead of a spoofed identity.

One piece of information that can be used to track attack sources are the Autonomous System Numbers (ASNs), which are assigned to Internet traffic in association with Border Gateway Protocol (BGP) routing. The ASN uniquely identifies each network on the Internet with a high degree of reliability. Although an IP address can be spoofed easily, the ASN of the originating traffic is almost always beyond the power of the attacker to disguise.
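An added example (not from the Akamai report or the original article) of grouping attack events by origin ASN instead of by source IP, using longest-prefix match against a prefix-to-ASN table. The table, the events and the function names are constructed for illustration; a real table would be built from a BGP routing table snapshot.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed prefix -> origin ASN table (documentation prefixes, private-use ASNs).
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64500,
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
    "198.51.100.128/25": 64502,  # more-specific announcement inside the /24
}

# Constructed WAF events: (source IP, attack category).
EVENTS = [
    ("192.0.2.10", "SQLi"),
    ("192.0.2.77", "LFI"),
    ("203.0.113.5", "SQLi"),
    ("198.51.100.20", "XSS"),
    ("198.51.100.200", "SQLi"),
    ("203.0.113.9", "Shellshock"),
    ("10.1.2.3", "LFI"),  # not covered by any announced prefix
]

def build_table(prefix_to_asn):
    """Parse prefixes and order them most-specific first for longest-prefix match."""
    nets = [(ipaddress.ip_network(p), asn) for p, asn in prefix_to_asn.items()]
    return sorted(nets, key=lambda entry: entry[0].prefixlen, reverse=True)

def origin_asn(ip, table):
    """Return the origin ASN of the most specific covering prefix, or None."""
    addr = ipaddress.ip_address(ip)
    for net, asn in table:
        if addr.version == net.version and addr in net:
            return asn
    return None

def summarize(events, table):
    """Return (asn, event_count, distinct_source_ips) rows, busiest ASN first."""
    counts = Counter()
    sources = defaultdict(set)
    for ip, _category in events:
        asn = origin_asn(ip, table)
        counts[asn] += 1
        sources[asn].add(ip)
    return [(asn, n, len(sources[asn])) for asn, n in counts.most_common()]

if __name__ == "__main__":
    for asn, n, ips in summarize(EVENTS, build_table(PREFIX_TO_ASN)):
        print(f"AS{asn}: {n} events from {ips} source IPs")
```

Four distinct source IPs spread over two prefixes collapse into a single origin network here, which is the kind of concentration a per-IP view hides.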

Akamai says that in the first three months, most attacks originated from the US, Brazil, and the Netherlands.

The US is the country with the most data centers in the world, and as such, it makes sense to see so many attacks originating from its borders.

Brazil's presence on this list comes from the fact that a popular IaaS (Infrastructure-as-a-Service) provider recently opened a large number of data centers in the country. Akamai didn't mention the company's name, but it could be IBM, which opened a SoftLayer data center in Sao Paulo with 9,000 servers.

The Netherlands' name in Akamai's report doesn't surprise anyone since the country is known to fiercely protect customer privacy, being known as one of the places where crooks can rent out bulletproof hosting.

Additionally, Akamai reports that the top three ASNs from which attacks originated were associated with VPS farms offered by IaaS cloud hosting providers.

While it is easy to set up a system or VPS in the cloud, it requires technical knowledge to properly secure it. One misconfiguration or forgotten patch can leave a cloud-hosted system vulnerable. As a result, many systems set up each day can be compromised easily for use in a botnet or other attack platform.

More in-depth statistics about Web attacks during the first three months of the year are available in Akamai's Q1 2016 State of the Internet - Security Report. Previously, we took a look at the DDoS landscape, also detailed by the Akamai report.

Web attacks in the first three months of 2016




