A new study by a Calif.-based security vendor suggests that Web applications are heavily targeted by hackers, most of whom see them as a useful point of vulnerability from which to access sensitive data that may travel over those apps.
According to the third edition of Imperva's Web Application Attack Report, the average Web application can expect attacks 120 days per year, though some are actually being attacked more than twice that amount, or nearly 80 percent of the time. The report also says that the attacks can be very bursty in nature, with long periods of stability interspersed with occasional bouts of heavy attack. Therefore, security measures designed to protect those networks need to be designed in such a way that they can accommodate those occasional bursts.
The average attack, according to the study, has duration of approximately 7 minutes and 42 seconds with the longest attacks reaching 79 minutes. But, the report found no correlation between specific days for attack, making it difficult for security experts to try to predict when those incidents might arise.
[Related: The Biggest Data Breaches of 2012 (So Far)]
Imperva also reports that the majority of attempts originate from the United States, Western Europe, China and Brazil, though business logic attacks are still heavily focused on western African countries, such as Senegal, Nigeria, Ghana and the Ivory Coast. Meanwhile, comment spamming is far more likely to originate from Eastern European countries, particularly Russia, Ukraine, Latvia and Poland.
Comment Spamming is a method for changing the ranking of the spammer's website within the results of major search engines in order to increase the number of potential visitors.
The report also considers France to be the leader in SQLi attacks, with an attack volume four times greater than that of the United States. These attacks exploit vulnerabilities in the database layer of an application. Using SQL injection, which is the most frequently used attack identified by the report, the attacker can extract or manipulate the data.
"From a hacker’s perspective, the application is a gateway to the valuable data the application transacts," the report says. "Technically, the main driver is the automation of attack tools."
In short, users of Web applications, and the channel partners who support them, clearly have their hands full. "We had found out that from an application defense standpoint, the cyber battlefield looks more like a border-keeping mission than total war," the report said. "Most of the time very little happens, but every once in a while there’s an outbreak of attacks."
The findings are based on an analysis of Internet traffic to 50 Web applications from December 2011 through May 2012.
Imperva's recommendations include the deployment and constant updating of security solutions that are specifically designed to detect automated attacks; regular maintenance on updated intelligence on malicious sources; and participation in the security community that shares data on attacks.
PUBLISHED AUG. 8, 2012