Enterprise cybersecurity firm Positive Technologies has released a report detailing the scope of cyberattacks against web apps during Q3 2017.
Web apps are obviously a hot target for hackers, and leading the pack are healthcare web apps. The data that can be captured from them is in many ways more valuable than banking data or government records–healthcare provides an intimate look at the details of a person’s identity.
The types of attacks that dominate web app hack attempts aren’t surprising: SQL injections are number one, followed by cross-site scripting and local file inclusion.
Attacks facing healthcare web apps are dominated by cross-site scripting and local file inclusion (SQL injections barely rank), suggesting that hackers are trying to accomplish a different objective on those popular targets.
An ill wind for healthcare web apps
Positive Technologies said that the numbers for healthcare rose dramatically between Q2 and Q3, primarily because of what it tracked: “Most of the web applications in the healthcare category this quarter are used to provide information; in other words, they do not handle private data or patient medical records.”
That suggests attackers could have been slamming healthcare web apps with cross-site scripting and local file inclusion attacks for some time with it going totally unnoticed.
Since most healthcare web apps included in the survey didn’t contain personal data, hackers shifted to attack methods that enable them to drop malware into a web app.
The result is a situation nearly identical to how Bad Rabbit spread: Malicious code injected into the web app tricks users into downloading malware that masquerades as a Flash update or some other legitimate application.
Malware downloaded in this way can be easy to spread from a source like a healthcare web app, Positive Technologies said, because they are trusted websites we wouldn’t expect to be exploited.
What IT teams need to do to protect their web apps
The major spectre haunting web apps, according to Positive Technologies’ conclusions, is that attackers are moving faster than IT teams.
“Many companies still fail to quickly update web application components and install necessary patches. The result is that attackers are able to slip through defenses by using already known vulnerabilities,” the report concludes.
SEE: Intrusion detection policy (Tech Pro Research)
Keeping web apps safe from attackers requires just as much vigilance as protecting the rest of the IT infrastructure. In this case, IT teams need to be aware of any CVE notices that may affect their systems, apply updates as soon as they can be approved, be proactive by installing a web application firewall, and monitor traffic to head off attacks early.
There’s nothing new under the sun to be found here: Constant vigilance and proactive policies make for safe systems.
The top three takeaways for TechRepublic readers:
- A report out from Positive Technologies reveals that web app attacks in Q3 2017 were most common in the healthcare industry.
- Cross-site scripting and local file inclusion were the most common attacks on healthcare web apps, suggesting that attackers are trying to plant malware downloaders in apps as opposed to stealing user data.
- To keep web apps safe, Positive Technologies recommends monitoring CVE notices, applying updates promptly, installing a web application firewall, and monitoring traffic for irregularities.
- Report: 99.7% of web apps have at least one vulnerability (TechRepublic)
- This bug let a researcher bypass GoDaddy’s site security tool (ZDNet)
- Why it’s time for businesses to get serious about Progressive Web Apps (TechRepublic)
- A critical Apache Struts security flaw makes it ‘easy’ to hack Fortune 100 firms (ZDNet)