SANS: “60% of Attack Activity Directed to Hack Web Sites” (!) Yikes.
Posted by hyperguard on September 17, 2009
Earlier this month, SANS Institute issued a new biannual report with some scary statistics about web applications. If you don’t have time to sift through the entire report (it’s worth the time if you can), basically OS attacks are down, application threats are up and attacks on web applications (such as websites) are way up – 60% of the total activity according to Rohit Dhamankar of TippingPoint’s DVLabs. Mr. Dhamankar’s company provided a lot of the data for the SANS report. Here’s an excerpt from the report:
“Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors that trusted those sites to provide a safe web experience.”
Think about cloud computing after reading what SANS has found and realize that cloud applications are exposed to this problem even more. Those in the industry have known this to be the case for a long time, so it’s good to see SANS making headlines with the actual data! Hopefully the New York Times coverage helps shed much-needed light on this issue.