Automation ups the security ante

Can your organisation’s Web applications withstand 25,000 attacks a minute, or seven per second?

Web applications experience 27 attacks per hour on average — roughly one attack every two minutes — according to findings from a US-based data security provider.

Imperva’s latest Web Application Attack Report (WAAR), conducted December 2010 through May 2011, found cyber criminals are increasingly using automated attacks launched from captured ‘botnet’ computers. The study monitored and categorised more than 10 million individual attacks across the internet, as well as on 30 different enterprise and government Web applications. It established that attack traffic during the six-month period was characterised by high volume activity followed by longer periods of lighter activity — key indicators of automation.

When websites came under automated attack they received up to 25,000 attacks in one hour, or seven attacks every second. The findings could have far-reaching implications for CIOs and security personnel. “Most security research focuses on vulnerabilities and while this can be extremely valuable, it doesn’t always help businesses prioritise their security efforts,” said Imperva CTO and lead researcher, Amichai Shulman.

For example, the Open Web Application Security Project (OWASP), which lists the 10 most dangerous current Web application security flaws, does not identify remote file inclusion (RFI) and directory traversal as top vulnerabilities. However, WAAR shows that these are two of the most common attacks used by hackers to steal data.

“It is impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited,” Shulman said.

According to WAAR, the four most prevalent web application attacks are:

  • Directory traversal — 37 per cent
  • Cross site scripting — 36 per cent
  • SQL injection — 23 per cent
  • Remote file inclusion — 4 per cent.

Notably, these attacks are often used in combination to scan for vulnerabilities and subsequently exploit them.

“The level of automation in cyber attacks continues to shock us,” Shulman said. “The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing, but you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.

Alarmingly, advances in evasion are also significant.

“Our data shows that it is increasingly difficult to trace attacks to specific entities or organisations,” Shulman said. “This complicates any effort to retaliate, shut down cyber criminal gangs or identify potential acts of war.”

Join the CSO newsletter!

Error: Please check your email address.

Tags hackerssecurityWebsites

More about AARImperva

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Phillips

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place