YOU ARE AT:DevicesAkamai report finds upswing in web app security attacks

Akamai report finds upswing in web app security attacks

2017 State of the Internet Security Report discovers web app attacks on the rise

Akamai Technologies published its third quarter 2017 State of the Internet Security Report, revealing a 30% increase in web application attacks in the third quarter of 2017 in comparison to the second quarter, and a 69% increase in total from the same timeframe last year.

According to the report, attacks based in the U.S. rose 217%, with a 48% increase in attacks sourcing from the U.S. in comparison to the second quarter. The report also found the most common type of attack, SQL injection (SQLi), increased 62% since last year, and 19% since the last quarter.

SQLi refers to the exploitation of a security vulnerability in a website or piece of software, which allows hackers to inject malicious code and control data. The authors of the report said the fact that SQLi attacks remain in the top position reveal organizations have not taken the necessary steps to sanitize data input and safeguard data application.

The report also noted an 8% increase in quarter-over-quarter Distributed-Denial-of-Service (DDoS) attacks. The gaming industry was the main target of such attacks, making up 86% of all volumetric DDoS attacks, up from 82% in the second quarter. One customer suffered 612 attacks in the third quarter, averaging almost seven attacks per day.

Germany was the origin of the largest number of unique IP addresses used in volumetric attacks, constituting 22% of the entire global total even though it was not included in the top five traffic source countries. Egypt, last year’s leader for DDoS attack traffic, fell out of the top five in the third quarter, with the U.S. maintaining its second-place status. The U.S. stayed the top target of web application attacks with more than 300 million attacks in the third quarter.

The Mirai botnet, which targets IoT devices, was responsible for the biggest attack in the reported quarter, which peaked at 109 Gbps. While this did not reach the record-breaking levels seen last year, such attacks can significantly impact an organization. The ongoing Mirai activity, in addition to the introduction of WireX malware, underscores the vast potential that exists for new sources of botnet armies.

“The lure of easy access to poorly-secured end nodes and easily-available source code make it likely that Mirai-based attacks won’t be fading in the near future,” said Martin McKeay, senior security advocate and senior editor of the report. “Our experience suggests that an army of new potential attackers comes online every day. Couple with that, the ubiquity of Android software and the growth in the Internet of Things are amplifying the risk/reward challenges that enterprises face to tremendous levels.”

ABOUT AUTHOR

Nathan Cranford
Nathan Cranford
Nathan Cranford joined RCR Wireless News as a Technology Writer in 2017. Prior to his current position, he served as a content producer for GateHouse Media, and as a freelance science and tech reporter. His work has been published by a myriad of news outlets, including COEUS Magazine, dailyRx News, The Oklahoma Daily, Texas Writers Journal and VETTA Magazine. Nathan earned a bachelor’s from the University of Oklahoma in 2013. He lives in Austin, Texas.