Increased Hacker Interest in SQL Injection Attacks

Press Release

Oct 30, 2012

Media Contact
Clinton Karr
(415) 432-2441
Clinton.Karr@lewispulse.com

Imperva’s second annual hacker forum analysis detects black market for social network fraud

REDWOOD SHORES, Calif. – October 29, 2012 – Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of business security solutions for critical application and high-value data in the data center, today released its October Hacker Intelligence Initiative report, “Monitoring Hacker Forums,” its second annual analysis of a large hacker forum containing roughly 250,000 members. Imperva has detected a black market for social network fraud. In addition, about one third of discussions in the hacker forum focused on training and tutorials for data theft techniques such as SQL injection, but industry analysts estimate less than five percent of IT budgets include products to mitigate attacks in the data center.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, CTO, Imperva. “If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”

Highlights from the report include:

DDoS and SQL injection are the most popular attack methods: DDoS and SQL injection remain the most popularly discussed hacking topics. According to the analysis, DDoS (19 percent) and SQL injection (19 percent) were the most frequently discussed attack methods. However, Gartner’s Forecast: Security Infrastructure Worldwide, 2010-2016, 2Q12 Update shows $25 billion was spent on security software and network equipment in 2011, and we believe that less than five percent of security budgets is allocated to products that mitigate SQL injection attacks.
Market for social network endorsements are on the rise: In a keyword search relating to social networks, Imperva found that Facebook (39 percent) and Twitter (37 percent) were the most frequently discussed social networks. In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.
Hacker education comprises a third of all forum conversations: Of the total conversations analyzed, roughly 28 percent were related to beginner hacking and hacker training, while another 5 percent related to hacking tutorials. Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes.

To download the full report, please visit: http://www.imperva.com/download.asp?id=81.

Get up-to-date security insights on the Imperva Data Security blog.

About Imperva
Imperva is a pioneer and leader of a new category of business security solutions for critical applications and high-value data in the data center. Imperva’s award-winning solutions protect against data theft, insider abuse, and fraud while streamlining regulatory compliance by monitoring and controlling data usage and business transactions across the data center, from storage in a database or on a file server to consumption through applications. With over 1,900 end-user customers in more than 60 countries and thousands of organizations protected through cloud-based deployments, securing your business with Imperva puts you in the company of the world’s leading organizations. For more information, visit www.imperva.com, follow us on Twitter, or visit our blog. We’re hiring! Help us protect the world’s data: http://www.imperva.com/go/jobs.

Forward Looking Statements
This press release contains forward-looking statements, including without limitation those regarding Imperva’s belief that, if organizations neglect SQL injection security, hackers will place more focus on these types of attacks. Investors should consider important risk factors, which include: the risk that our products may not be accepted by the market; the risk that competitors may be perceived by customers to be better positioned to help handle business security threats and protect their businesses from major risk; the risk that the growth of Imperva may be lower than anticipated; and other risks detailed under the caption “Risk Factors” in the company’s Form 10-Q filed with the Securities and Exchange Commission, or the SEC, on August 13, 2012 and the company’s other SEC filings. You can obtain copies of the company’s SEC filings on the SEC’s website at www.sec.gov.

HUG#1653232

Press Contact

impervaPR@imperva.com

This is for media inquiries only. For product and sales, please call: +1.866.926.4678.

Contact PR

The importance of a resilient CDN for digital performance

Imperva named a security leader in the SecureIQlab CyberRisk Report

IDC Spotlight: Effective Multicloud Data Security

Global DDoS Threat Landscape Report

The State of Security within eCommerce 2022

Imperva reimagines partner program: Imperva Accelerate

Protect your Cloudera data with Imperva

Quálitas continues its quality services using Imperva Application Security

Discovery Inc. tackles data compliance in public cloud

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

Cyber Threat Index

Browse the Imperva Learning Center for the latest cybersecurity topics

Imperva ESG Reports

Increased Hacker Interest in SQL Injection Attacks

Press Contact