Web Attacks Increasingly Launched from Amazon Infrastructure

Web application attacks are growing in volume and duration, and are increasingly being launched from cloud IaaS platforms, according to the latest Web Application Attack Report from Imperva.

The firm analyzed attacks on its WAFs over nine months from August 2013 to April 2014 and found malicious traffic on the rise – notably SQL Injection attacks, which jumped 10%, and Remote File Inclusion (RFI), which increased by a quarter.

Not only this but attacks are 44% longer in duration compared to the previous report (June-November 2012).

“Longer attacks hint at the determination of attackers, willing to invest more resources through longer time to succeed,” director of research, Itsik Mantin, told Infosecurity.

“In some cases we’ve witnessed an attack campaign on a single application that lasted months with hourly attack trials, which may hint on this attack campaign being ‘personal’. Such attacker may be waiting for a change in the application that will provide the vulnerability he needs.”

Cybercriminals are increasingly using IaaS to launch attacks, which makes it easier for them to carry out longer campaigns, he added.

In fact, 20% of all known vulnerability exploitation attempts originated from Amazon Web Services, the report revealed.

Also of note was the fact that web attacks are increasingly aimed at sites requiring log-ins – ie those containing consumer information. They comprised the majority (59%) of all attacks and even more (63%) of SQL Injection attacks.

WordPress was named-and-shamed as the platform of choice for web attacks – targeted 24% more times than any all other CMS platforms combined – while PHP apps were hit three times as much by cross-site scripting attacks than .Net.

The US was pegged as the biggest source of web application attacks globally and only topped when it comes to cross site scripting, of which the UK was the main source

“In our educated opinion, based on years of analyzing attack data and origins, we propose that attackers from other countries are using US hosts to attack, based on those hosts being geographically closer to targets,” the report claimed.

What’s Hot on Infosecurity Magazine?