While traditional cyberattack vectors are alive and well, criminals continue to advance their toolkits, according to the Akamai State of the Internet / Security Report. Web application attacks are on the rise, increasing 69% in Q3 2017 over Q3 2016, the report found, representing an increase of 30% over Q2 2017 alone.
More of these attacks are originating in the US: Over the past year, there was a 217% increase in attacks sourcing from America, according to the report.
The most common web application attack vector in Q3 was SQL injection (SQLi) attacks, which represented 47% of all web application attacks. These attacks are easily automated and scalable, and typically find any vulnerable system to attack, rather than targeting specific organizations.
“The fact that SQLi remains in the top position shows that organizations have not taken the steps needed to sanitize data input and protect their applications,” the report stated. “Attackers will continue to utilize these vectors to gain access to systems as long as there are few or no protections in place and applications are not sanitizing data input and output.”
Local File Inclusion (LFI) attacks were the second most frequently used attack vector in Q3, representing 38% of all application layer attacks, the report found. Cross-site scripting (XSS) came in third, used in 9% of the attacks recorded in Q3.
Cybercriminals also continue to leverage Mirai malware, which targets Internet of Things (IoT) devices. We’ve also seen the introduction of the WireX botnet, which compromises Android devices running malicious applications, and is designed to create DDoS traffic. Google was recently alerted that the malware was available in its Play Store, leading to the removal of hundreds of affected applications.
“The lure of easy access to poorly-secured end nodes and easily-available source code make it likely that Mirai-based attacks won’t be fading in the near future,” said Martin McKeay, senior security advocate and senior editor, State of the Internet / Security Report. “Our experience suggests that an army of new potential attackers comes online every day. Couple with that, the ubiquity of Android software and the growth in the Internet of Things are amplifying the risk/reward challenges that enterprises face to tremendous levels.”
Here are three tips to avoid these attacks, according to the report:
1. Securely lock IoT and mobile devices with restricted access, and install the latest firmware before enabling remote internet access. “In many cases, convenience is seen to outweigh the security concerns of system configuration,” the report stated. “Because of this, the impact of insecure devices extends beyond the device being compromised, spreading to include other networks or devices the compromised device may threaten.”
2. Secure your applications. Akamai found that three out of four applications have at least one vulnerability, and less than a third of applications pass the Open Web Application Security Project (OWASP) Top 10 policy on the initial scan.
3. If you face a DDoS attack, share your metrics. “With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible,” the report stated. These metrics include packet captures, lists of attacking IP addresses, ransom notes, request headers, and any patterns of interest.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- Web application attacks are on the rise and increased 69% in Q3 2017 over Q3 2016. -Akamai, 2017
- The most popular types of web application attacks in Q3 were SQL injection, Local File Inclusion, and cross-site scripting. -Akamai, 2017
- The WireX botnet targeting Android devices also wreaked havoc in 2017. -Akamai, 2017