Hackers attack Web-based applications once every two minutes on average, according to a new report by data security firm Imperva. Websites targeted by automatic cyber-attacks can be subject to even more assaults, including as many as 25,000 attacks every hour, or up to seven each second.
Tracking over 10 million individual attacks from December 2010 to May 2011, the company’s Web App Attack Report reveals that strikes against business and government sites are increasing overall. Researchers further found that the majority of strikes come from domestic soil, with 61% of cyberattacks originating from “bots,” or remotely-operated PC drones, within the U.S. Countries such as China, Sweden and France also rank high in the list of sources from which attacks are launched. Per the report, the four most common types of online assaults against Web apps include directory traversal (37%), cross site scripting (36%), SQL injection (23%) and remote file inclusion (4%).
“The level of automation in cyberattacks continues to shock us,” said Amichai Shulman, Imperva’s lead researcher and chief technology officer. “The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.”