The second half of 2010 saw a steep rise in distributed denial-of-service attacks and other Web attacks that caused downtime, according to a new report from Trustwave's SpiderLabs.
Organizations were hit by more distributed denial-of-service attacks in the
second half of 2010, and their applications were knocked offline because of
poorly implemented defenses, according to a Web hacking report.
The number of DDoS attacks jumped 22 percent to become the most frequently
used attack vector in the second half of 2010, Trustwave found in its
semiannual Web Hacking Incident Database report, released March 14. DDoS
attacks successfully disrupted commerce and brought down Websites and large
organizations, the company found. More than 32 percent of all attacks in the
second half of 2010 involved DDoS attacks, according to the report. SQL
Injection was the second most popular vector, at 21 percent.
The primary goal appeared to be causing downtime, SpiderLabs,
Trustwave's security research and testing group, wrote on its Anterior
blog. Incidents that resulted in some kind of application downtime jumped
21 percent to account for 33 percent of all attacks, the report found.
Defacement and leakage of information were the second and third most popular
outcomes.
"This is mainly a result of ideological hacking efforts utilizing
distributed denial of service (DDoS) attacks as part of the Anonymous Group
versus Anti-Piracy and WikiLeaks events," wrote Ryan Barnett, the
principal investigator on the report. The incidents include the attacks on
PayPal and MasterCard, according to the report.
The report analyzed top outcomes, attack methods and weaknesses for vertical
markets. When broken down by vertical, SQL injection attacks remained popular
for government agencies and retail organizations. About 24 percent of all
attacks against government agencies and 27 percent of incidents in retail were
by SQL injection, the report found. In both sectors, the application weakness
that attackers exploited the most was the same: improper input handling within
the application. The most common outcome after an attack on a government
agency was defacement, while credit card numbers were more likely to be stolen
from retail.
In contrast, the most common attack method for financial services was stolen
credentials, at 36 percent. Applications lacked authentication, or did not
have enough of it built in, the report found. The financial sector suffered
financial losses in 64 percent of the attacks.
"Cyber-criminals never stop trying to exploit Web applications,"
said Nicholas J. Percoco, senior vice president and head of SpiderLabs.
Most businesses "wrongly assume" that network hardware will stop
DDoS attacks, or believe their Website will not be targeted, Trustwave found.
The increase in the number of attacks in 2010 "proves" that
organizations, regardless of size, need to test their applications to
understand how they would fare under attack, the report said.
In addition to their exposure to automated brute-force and DoS attacks,
businesses need to test their sites for cross-site scripting flaws and confirm
that input handling does not allow SQL injection attacks, according to Barnett.
Applications need to have strong authentication processes and sufficient
authorization rules and be configured correctly, he said. Other top tactics
included CSRF, domain name hijacking, click fraud and other brute-force
tactics to crack passwords, he said.
The WHID is a database of Web application-related security incidents and the
business impact of those attacks. The latest report analyzed data from 75
incidents reported between July 2010 and December 2010. To be included in WHID,
an incident must be publicly reported, be associated with Web application
security vulnerabilities and have an identified outcome, Trustwave said.