Web applications are the soft underbelly of organizations, including in the financial services and insurance sectors, with injection-style attacks leading the pack, a new report from Alert Logic has found.
Alert Logic, a provider of security and compliance solutions for the cloud, released its 2017 Cloud Security Report earlier this week. The report analyzes customer data from more than 3,800 Alert Logic cloud, on-premises and hybrid cloud customers over an 18-month period, from Aug. 1, 2015 to Jan. 31, 2017. Report findings are based on an analysis of more than 2 million security incidents captured in Alert Logic intrusion detection systems, the company noted in a press release.
Web application attacks accounted for 73% of all the incidents flagged in the 18-month evaluation period, affecting 85% of the company’s customers. Injection-style attacks, such as SQL injection (SQLi), were dominant, the release pointed out. Networking hardware company Cisco explained on its website that SQLi involves using attacker-supplied data to alter the SQL statements used within a web application, which can enable the following types of attacks: authentication bypass, information disclosure, compromised data integrity, compromised availability of data and remote command execution.
In the financial services and insurance sectors, SQLi accounted for 42,648 incidents, or 55.78% of the industry total. The report examined four other industry verticals: health services; retail and accommodation; information technology and services; and production, manufacturing and logistics.
In contrast, pure public cloud installations experienced the fewest security incidents. On average, customers running applications on public cloud platforms experienced 405 security incidents over the 18-month period, while on-premises customers experienced a 51% higher rate of security incident escalations (612), hosted private cloud 69% higher (684) and hybrid cloud 141% higher (977).
Customers in the report data set represent a broad range of industries and organization sizes, from small-to-medium-sized businesses to large-scale enterprises. Eighty-two per cent of customer deployments analyzed hosted workloads in the cloud – either on an infrastructure-as-a-service platform or hosted private cloud – and approximately one-third maintained on-premises or cloud hybrid infrastructure.
Server-side ransomware represented only 2% of total incidents, Alert Logic reported. “While ransomware gets much mindshare in the cyber security industry and in media headlines, it accounted for only a small number of observed security incidents in the data set,” the release added.
Another finding was that vulnerabilities in ubiquitous third-party web application components, insecure coding practices and increases in exploit automation make content management systems and e-commerce platforms rich hunting grounds for hackers targeting web applications. Attacks targeting content management system Joomla accounted for 25% of total web application attacks observed, followed by WordPress with 10% and Magento with 7%.
“We focused our analysis on incident types and the workloads and environments most at risk,” said Misha Govshteyn, Alert Logic’s senior vice president of technical and product marketing, in the release. “Cyber attackers continue to seek the weakest spots in network defenses and businesses need to understand how they are refocusing to take advantage of the changing attack landscape.”