U.S. Leads in Web Attacks: Report

Wednesday, July 24, 2013 @ 02:07 PM gHale

The United States is tops as the main source of Web-based attacks, a new report said.

While manufacturing does get its share of assaults, the report found attackers are targeting retail-related applications with a disproportionately greater amount of SQL injection attacks compared to other industries. Retailers saw twice as many SQL attacks as other industries, the report said.

Caribbean Isle Malicious Domain of Choice
Backdoors Embedded into Image Files
Targeted Malware Attacks in Asia, Europe
Chinese APT Worked through Cloud

The U.S. led in every attack request category except for three, one in which China had the most unique attacking hosts for comment spam and two others in which Senegal had the most email intrusion requests and unique hosts carrying out email intrusion attacks, according to the Imperva Web Application Attack Report.

Despite coming in second for attack hosts in comment category and third for email intrusion requests and unique attack hosts, the U.S. led every category in terms of where the attack HTTP requests originated and how many distinct hosts it housed.

In terms of attack requests, the U.S. (82 requests) beat out France (22 requests) for remote file inclusion attacks, it (803 requests) beat out China (46 requests) in the SQL injection category, it beat (594) out the Philippines (26) in directory transversals, it (20) beat out France (11) for local file intrusions, and it (42) beat china (5) in the comment spam category.

In terms of the number of unique attack hosts per country, the U.S. led Brazil in remote file inclusion attack hosts, China in SQL injections, China in directory transversals, and France in local file inclusion. Senegal and Ivory Coast bettered the U.S. as email intrusion attack hosts and China bettered the U.S. as a host of comment spam attack.

Over a six month period, attackers targeted one unnamed Web application on 176 of 183 days.

However, among those analyzed, 12 attack days was the median number, meaning there were equal number of applications that experienced attacks on more than 12 days over that period as there were those that experienced attacks on less than 12 days over that period. The median attack duration lasted five minutes, but one attack lasted 935 minutes.

Leave a Reply

You must be logged in to post a comment.