80% of network attacks target web-based systems
2010 has brought the use of the Internet for conducting business to an all-time high; however, attacks continue to strike networks more than ever by using sophisticated techniques.
Employee use of web-based business applications and social networking sites while on corporate networks continues to grow daily. While the employee premise for these programs is honorable – to help build brand awareness or improve productivity – use of these applications opens up the enterprise network to serious security threats.
One of the key findings of a new report was that more than 80 percent of network attacks targeted web-based systems. There are two key elements to this number: websites and web clients. The report shows websites are constantly at risk of being taken offline or defaced from SQL injection, PHP File Include or other attacks, and that these types of attacks have doubled in the last six months.
The report how these latest trends change the security landscape as the research demonstrates:
Increased consumerization of enterprise computing. Some of the most serious security issues this year have stemmed from increased use of consumer technologies in the enterprise, including downloads of applications and use of social media tools on company computers, opening the door for security risks and attacks through web vectors.
Prolonged and persistent targeting of web applications. Web applications continue to pose one of the biggest risks to company networks, often due to vulnerabilities in integration points between products.
Increased organization and sophistication of attackers. Attack sophistication has increased across all attack types, from client-side attacks such as malicious JavaScript, to server-side attacks like PHP file attacks. Attackers have become more organized and increasingly subversive and inconspicuous in the way they execute their attacks.
The unrelenting presence of legacy threats. Over the sample period of this report, the number of attacks from well-known malware threats continued to plague computer systems, emphasizing the importance of continued protection against already-known threats.
The report by HP TippingPoint DVLabs, SANS Institute and Qualys Research Labs, provides data and analysis – including real-world examples of attacks and recommended ways to mitigate risk – to fully inform companies about the latest security threats.
It includes updated vulnerability trends, an in-depth analysis of a PDF-based exploit, discussion of client versus server side attacks, and information on growing tendencies, including botnets and malicious JavaScript.