This is the final preview for the Q2 2015 State of the Internet Security Report, which comes out tomorrow. Here, we take a look at web application attacks and the impact that comes with adding two attack types to the picture. Note: We'll show the actual percentages for these attacks once the report is officially released. One more day!
Previews for the Q2 State of the Internet Security Report:
- Tor Pros and Cons
- Attackers Focus on SYN and UDP Vectors
- WordPress and the Danger of Third-Party Plugins
- Before Q2's State of the Internet Security Report is Released, Let's Review Q1
Akamai first began reporting web application attack statistics in Q1 2015. This quarter, two additional attacks vectors were analyzed: Shellshock and cross-site scripting (XSS).
Shellshock, a Bash bug vulnerability first tracked in September 2014, was leveraged in a significant number of web application attacks this quarter. Much of the Shellshock attack activity targeted a single customer in the financial services industry in an aggressive, persistent attack that endured for the first several weeks of the quarter. Since Shellshock attacks typically occur over HTTPS, this campaign shifted the balance of attacks over HTTPS vs. HTTP. In Q1 2015, only 9 percent of attacks were over HTTPS; this quarter many more were over HTTPS channels.
Looking beyond Shellshock, SSQL injection (SQLi) attacks accounted for the second-largest block of all attacks. In contrast, local file inclusion (LFI) attacks dropped significantly this quarter while remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL injection using OGNL Java Expressing Language (JAVAi), and malicious file upload (MFU) attacks combined accounted for a smaller percentage of web application attacks.
As in Q1 2015, the financial services and retail industries were attacked most frequently.
The full report will be available here.