Welcome!

Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

News Feed Item

Nineteen Percent of Online Attacks in 2009 Targeted Social Networking Sites, According to Breach Security Report

Breach Security, Inc., the leader in web application integrity, security and PCI compliance, today announced a steep rise in attacks against social networking sites, according to the Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report. Accounting for 19 percent of hacking incidents, social networking sites were the most targeted vertical market in the first half of 2009, with hackers exploiting Web 2.0 features such as user-generated content including Twitter posts to launch their attacks.

The WHID project compiles and analyzes application-related security incidents, focusing exclusively on publicly reported web application security attacks that have an identified outcome. The WHID 2009 Bi-Annual report analyzed global security incidents that occurred from January 1 through July 31, 2009, a 30 percent increase in overall web attacks compared to 1H 2008.

Key findings from the WHID 2009 Bi-Annual Report include:

  • Drivers for Web Hacking — Defacement, which combines both planting of malware and standard overt changes, remains the most common outcome of web attacks (28%), while leakage of sensitive information is a close second (26%, up from 19% in 2008). Disinformation is a distant third (19%), mostly due to the hacking of celebrity online identities.
  • Most Prevalent Attack Vectors — SQL Injection remains the number one attack vector, accounting for nearly one-fifth of all security breaches (19%). Attack vectors exploiting Web 2.0 features such as user-contributed content were also commonly employed: authentication abuse was the second most active attack vector (11%), and Cross Site Request Forgery (CSRF) rose to number five with 5% of the reported attacks.
  • Vertical Markets Under Attack — Social networking sites emerged as the most targeted vertical market with 19% of the incidents, a dramatic increase from prior years when this sector was not represented, and displacing government/law enforcement from the number one spot in 2008.

“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter, where cross-site scripting and CSRF worms were unleashed,” said Ryan Barnett, director of application security research for Breach Security. “Looking back at 2008, a notable election year, government-related organizations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and to provide information for statistical analysis of web application security incidents. Unlike other resources covering web site security – which focus on the technical aspect of the incident – the WHID focuses on the impact of the attack. Breach Security Labs is a WHID project contributor.

To download a copy of Breach’s 2009 WHID bi-annual report, please visit http://www.breach.com/WHID2009.

About Breach Security Labs

Breach Security Labs is the research arm of Breach Security, Inc. Breach Security Labs conducts and sponsors global research and open-source projects which focus on emerging trends in web application security. In addition to open-source and research projects, Breach Security Labs provides the security content, including rules, correlations and signatures, for Breach Security’s web application security products including WebDefend, ModSecurity Pro and ModSecurity.

Breach Security Labs plays an active role in leading web application security industry organizations such as the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC). Breach Security Labs team members are WASC officers and lead the OWASP chapters in the UK and Israel.

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web application integrity, security and compliance that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel and government. For more information, please visit www.breach.com. Follow Breach Security on Twitter: http://www.twitter.com/BreachSecurity.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...
The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.