In April 2016, Dimension Data (NTT group), a top Imperva channel partner, published the Global Threat Intelligence Report (GTIR) for the year 2015 based on threats evaluated against their clients and honeynets across a variety of industry sectors and geographic regions. We were not surprised to find web application attacks in the top of the list. In fact, when you consider just external attacks; web attacks claim the #1 spot. The findings in the GTIR are in line with the Imperva 2015 Web Application Attack Report (WAAR) in several key areas like attack vectors and the type of industries under attack.
Both the 2015 WAAR and the 2016 GTIR highlight the increase in SQL injection attacks and the exploitation of known vulnerabilities from prior years. SQL injection attacks remain popular for a very simple reason – they are simple and effective. Injection attack is the first step in a data breach kill chain involving web attacks. Researchers at Imperva Defense Center recently published a Hacker Intelligence Initiative (HII) report titled Black Hat SEO: A Detailed Analysis of Illegal SEO Tactics highlighting the prevalent use of injection techniques to promote illicit websites. Also, the GTIR brings out an interesting trend of DDoS where the implementation of better mitigation tools is leading to an overall reduction of the negative impact of DDoS attacks.
The 2016 GTIR strongly recommends the following countermeasures to shore up application security:
- Effective configuration and management of Web application firewall (WAF)
- Development of secure Web applications
- Deploy threat intelligence with IP Reputation services
- Implement application whitelisting for authorized applications
- Implement a vulnerability management program
- Remove externally facing remote administration consoles for Web applications
- Password protect Web application directories
Find out from the experts at Dimension Data, how Imperva SecureSphere WAF and Imperva Incapsula, can protect against web application attacks and comprehensive DDoS attacks by enabling enterprises to deploy the countermeasures recommended in the GTIR.