Denial-of-service attacks top web attack list..!!



Denial-of-service attacks surged to the top of the list of web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks.
DoS attacks now more common than SQL injection and cross-site scripting, study finds.
The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the websites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents. Unsurprisingly, the popular goal of causing downtime meant that denial-of-service attacks accounted for about a third of attack types, followed by SQL injection (21 percent) and cross-site scripting (9 percent).
In many industry reports, denial-of-service is not even on the list, but companies should worry about such brute-force tactics, says Ryan Barnett, a senior security researcher with security firm Trustwave's SpiderLabs, who manages the WHID project.
"You need to re-prioritize because web servers are actively being targeted with denial-of-service attacks," says Barnett.

Yet, different industries should also worry about different types of attacks, he says. Attackers focus on stealing money from financial firms using stolen credentials, according to the WHID data. They also tend to focus on defacing government sites and stealing credit-card numbers from retailers, using SQL injection in both cases, according to the WHID. The latter two relationships are weaker, however: While those are the most popular goals for attackers, each only accounts for a bit more than a quarter of attacks against the particular vertical. Money is the goal in two-thirds of attacks against financials.

"The outcomes and attacks and weaknesses are different, so depending on what market you are in, we have a pool of attacks that worked," says Barnett. "So CSOs should pick out examples in their market because those are most applicable to them."

Attackers' focus on downtime means that corporate CSOs need to make sure that they can handle web-specific denial-of-service attacks. Many times such attacks focus on flooding the web servers, but low-and-slow attacks are becoming more popular and require a different defence.

"Many of these organisations foolishly think that the network security gear that they have to handle the lower level DOSing floods will take care of this and it won't," Barnett says. "The overall amount of traffic that you have to send to take down the web server is a lot less, and it looks legitimate."
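
As an added illustration of why flood-oriented thresholds miss low-and-slow traffic (this example is not from the original article or the WHID project), the following runs a per-client volume check and a worker-occupancy check over constructed connection records. The thresholds, worker-pool size, record layout and documentation-range addresses are all assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 60          # length of the observation window
VOLUME_LIMIT_BPS = 50_000    # assumed per-client bytes/second flood threshold
WORKER_POOL = 256            # assumed number of web server worker slots
MIN_RATE_BPS = 100           # assumed minimum acceptable request data rate
STALLED_SHARE_LIMIT = 0.25   # assumed share of the pool one client may stall

# Constructed sample, one tuple per connection seen in the window:
# (client, bytes received, seconds open, complete request received?)
CONNECTIONS = (
    # flood client: thousands of short, complete requests
    [("198.51.100.7", 900, 0.2, True)] * 4000
    # low-and-slow client: few connections, open almost the whole window,
    # so they overlap, and none ever delivers a complete request
    + [("203.0.113.9", 300, 58.0, False)] * 150
    # ordinary visitors
    + [("192.0.2.%d" % i, 1200, 0.5, True) for i in range(1, 41)]
)


def bytes_per_second(conns, client):
    """Average inbound byte rate of one client over the window."""
    return sum(b for c, b, _d, _ok in conns if c == client) / WINDOW_SECONDS


def volume_alerts(conns):
    """Flood-style check: flag clients whose byte rate exceeds the limit."""
    clients = {c for c, _b, _d, _ok in conns}
    return {c for c in clients if bytes_per_second(conns, c) > VOLUME_LIMIT_BPS}


def occupancy_alerts(conns):
    """Low-and-slow check: flag clients that tie up too many workers with
    incomplete requests arriving below the minimum data rate."""
    stalled = defaultdict(int)
    for client, nbytes, seconds, complete in conns:
        if not complete and seconds > 0 and nbytes / seconds < MIN_RATE_BPS:
            stalled[client] += 1
    return {c for c, n in stalled.items() if n / WORKER_POOL > STALLED_SHARE_LIMIT}


if __name__ == "__main__":
    print("volume check flags:   ", volume_alerts(CONNECTIONS))
    print("occupancy check flags:", occupancy_alerts(CONNECTIONS))
    print("slow client rate (B/s):", bytes_per_second(CONNECTIONS, "203.0.113.9"))
```

In this sample the slow client sends a small fraction of the flood client's byte rate, so only a check that looks at how long incomplete requests hold worker slots catches it.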

Source: http://computerworld.co.nz/


About the Author

Name
priyanshu

Last Name
sahay

Gender
Male

Website / Blog
http://www.hackersonlineclub.com

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in

Location
Delhi
