“Everyone is at risk from cyber-attacks.” No surprises here, but the WAAR report 2015 unraveled an alarmingly quick turnaround from vulnerability to attack kits to high intensity organized attacks. Multiple types of attacks targeted all of the applications irrespective of verticals – this is a first for WAAR. The report also confirms that attackers are still using existing vulnerabilities, but exploiting them with rapid automation and targeting a wider range of web applications. Imperva Application Defense Center (ADC) has analyzed 297,954 attacks and 22,850,023 alerts on 198 of the applications protected by Imperva Web Application Firewall (WAF) and made recommendations to help businesses better protect their applications and infrastructure from attacks.
The three key findings are –
- All of the applications under increased attacks like the “Blind scanning” Shellshock attack
- 100% of the applications under analysis had experienced Shellshock attack
- Typical application suffers 3x and 2.5x more SQLi & XSS attacks respectively vs. other attack types
- Detect-by-reputation mechanisms increasingly effective against attacks
- 78% of the malicious alerts were detect-by-reputation alerts
- Content Management Systems (CMS) and Healthcare applications were the most targeted
- CMS applications attacked 3x more than non-CMS applications
- Healthcare applications suffer 10x more XSS attacks vs. other verticals
It is clear that firms are unable to keep up with patching the known exploits partly due to the increase in the number of vulnerabilities disclosed. We can confirm, “Crime as a Service (CaaS) is now an established market just like SaaS, IaaS or PaaS.” If it were not an organized activity with an established marketplace, Shellshock attacks wouldn’t have been as evolved or as widespread targeting all applications. It is possible that within a few hours of an exploit becoming public, CaaS resells proven exploit kits to the expanding army of cyber criminals that amplifies the blast radius of the attack. Even with a low success rate the attackers might have been able to monetize the vulnerability and obtain valuable data from compromised servers or repurpose them as botnet servers. For more details on all the exciting findings and recommendations, please download our latest WAAR report here.
Please join us for a live webinar on November 18, 2015 at 9 a.m. pacific / 12 noon eastern, Itsik Mantin, Director of Security Research at Imperva, will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report.