
WAAR report – Web Attacks continue to increase, especially those launched from Amazon servers

The WAAR report issued by Imperva states that web attacks are increasingly launched from Amazon servers; the overall number of attacks is also increasing.

Cloud computing is considered an amazing opportunity for cybercrime: from the perspective of an attacker, these powerful architectures have the necessary resources to conduct powerful attacks, and the data archived in the cloud are often poorly protected.

According to the latest report published by the security firm Imperva, titled “Web Application Attack Report” (WAAR), Web application attacks are constantly growing in volume and duration, but the worrying news is that these attacks are increasingly being launched from cloud IaaS platforms.

Cybercriminals are increasingly exploiting IaaS services to run attacks: 20 percent of all known vulnerability (CVE) exploitation attempts originated from Amazon Web Services, and 10% of all SQL Injection attacks observed by Imperva originated from AWS servers.


The firm analyzed malicious traffic captured by its systems over a nine-month period, from August 2013 to April 2014, observing a significant increase in malicious traffic. SQL Injection attacks (+10%) and Remote File Inclusion (RFI) attacks (+24%) were the categories of attack that had the greatest increase.

Another element of concern is the duration of the attacks: according to the experts, it is 44 percent longer compared to the previous report (June-November 2012).

“Longer attacks hint at the determination of attackers, willing to invest more resources through longer time to succeed,” said director of research, Itsik Mantin. “In some cases we’ve witnessed an attack campaign on a single application that lasted months with hourly attack trials, which may hint on this attack campaign being ‘personal’. Such attacker may be waiting for a change in the application that will provide the vulnerability he needs.”

The WAAR report also states that the number of attacks against websites protected by authentication mechanisms is increasing; those websites are privileged targets for cybercriminals because they usually contain consumer information or other kinds of sensitive data.

“… you’ll see that websites which have log-in functionality, and hence contain consumer specific information, suffer 59% of all attacks, and 63% of all SQL Injection attacks.” states the WAAR report.

Hackers and cyber criminals mainly hit the retail industry: retail applications suffer the most from web application attacks, with 48.1 percent of all attacks targeting retail systems, while 40 percent of all SQL injection attack campaigns and 64 percent of all malicious HTTP traffic targeted retail websites. WordPress is the most attacked Content Management System (CMS): websites running it were attacked 24.1 percent more than those running other CMS platforms. The WAAR report explains that WordPress websites suffer 60 percent more Cross Site Scripting (XSS) incidents than all other CMS-running websites combined.

Which is the primary source of the attacks? The report names the US as the biggest source of web application attacks on a global scale, topped only when it comes to cross-site scripting, of which the UK was the principal source.

The data is not surprising and is aligned with other similar reports: the majority of targets are located in the US, and US infrastructure is an ideal choice for cybercrime in terms of reliability.

The WAAR report closes by explaining that “As attackers become more sophisticated, it is important that companies educate themselves on the threats that they are facing, and on the risk factor that is aligned with that threat.”

Let me suggest reading it.

Pierluigi Paganini

(Security Affairs – WAAR Report, Imperva)

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
