Hacking attempts targeting web applications vary greatly by industry, with SQL Injection accounting for the highest percentage in transportation and manufacturing-related industries, according to Penta Security Systems Inc.'s annual Web Application Threat Trend (WATT) Report.
Covering attack trends that emerged under various data segmentations including industry type, continent of origin of attacks, and time of day, the report focuses on the analyses of five rules considered most important to the WAPPLES' detection engine, with key elements from the OWASP (Open Web Application Security Project) Top 10: Cross-Site Scripting (XSS), SQL Injection, File Upload, Directory Traversal and Stealth Commanding. Penta Security's security analysts found that not only did attack trends vary when data was segmented by continent of origin and time of day, but distinct web attack trends also existed across industries. Therefore contextual analysis is critical to effective optimization of security policies.
Different attack types were prominent for specific industries - for example, XSS showed to be prevalent in the Science & Technology industries as well as Social & Community industries as administration of websites belonging to this field tend to be relatively lax.
Therefore, many attacks can be expected to target individual PCs and terminals that access these sites. However, File Upload attacks made up a significantly high proportion of attacks within Financial Services, as attackers tend to attempt to gain server system privileges or distribute malicious files to user PCs and terminals via the websites.
"It is interesting to see how the current web attack trends are not only changing according to different technological advances, but also that hackers are now strategizing to target different industries,” says DS Kim, Chief Strategy Officer at Penta Security Systems. “The insights provided in the WATT report give corporations and organizations of all industries the information they need to anticipate attacks. By analyzing the data collected from our patented detection engine, we are able to offer valuable knowledge that can hopefully, reconstruct any organization's security risk profile.”
Major attack type varies by continent
Analyzing trends from aggregate attack data is insufficient in revealing insights needed to inform an effective security strategy. While SQL Injection attacks accounted for the highest proportion of attacks overall, Cross-Site Scripting attacks were the most common in Asia.
Primary attackers are launching persistent attacks against few targets
Primary attacker IPs worldwide were responsible for 30% of all attacks, utilizing SQL Injection and Cross-Site Scripting in three-quarters of their attacks.
The end of the work day is a peak time for attacks
During the window of time just after typical working hours, the intensity of web attacks more than double. Between 6pm and 7pm local time, the average rate of attacks was 9.4%, as compared to the hourly average of 4.2%.