Web application attacks peak at 25,000 per hour


Automated attacks on web applications are leading to 25,000 incidents an hour for businesses, analysis has suggested.

Imperva's 2011 Web Application Attack Report (WAAR) looked at attacks targeting 30 enterprise and government online applications in order to steal data and found that, on average, they were being hit 27 times per hour, or once every two minutes.

However, high-volume spikes in traffic showed automation had come into play, enabling a massive increase of attacks to 25,000 per hour or seven hits every second, our sister site Cloud Pro reported.

"The level of automation in cyber attacks continues to shock us," said Amichai Shulman, head researcher for WAAR and chief technology officer (CTO) at Imperva. "The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses."

"The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can't automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact."

The most common attack was directory traversal, which takes advantage of lax security to gain access to a file through an API, accounting for 37 per cent of attacks, with cross-site scripting a close second at 36 per cent. SQL injections were also responsible for 23 per cent of attacks, although Imperva pointed out these methods were often used together to increase impact.

The majority of the attacks, over 61 per cent, originated from bots in the US, with China coming in second place at just 10 per cent. However, Imperva claimed 29 per cent of attacks came from just the top 10 active sources.

The company offered advice to chief executives (CEOs) on how to keep their businesses safe, including rule number one: assume you are a target.

"Consider yourself an even more attractive target if you hold sensitive information with value for hackers, governments, employees or competitors," Imperva recommended.

The firm also suggested making data security "a strategic priority," working with law enforcement to root out hackers and embracing regulations to protect your files.

Jennifer Scott
