US Top Source of Web-Based Attacks; Retailers Heavily Targeted

The United States is no longer the most obese country in the world (thanks to Mexico), but it still ranks No.1 as the globally preeminent source of Web-based attacks, according to the Imperva Web Application Attack Report.

The United States is no longer the most obese country in the world (thanks to Mexico), but it still ranks No. 1 as the  preeminent global source of Web-based attacks, according to the Imperva Web Application Attack Report.

The report also notes that attackers are targeting retail-related applications with a disproportionately greater amount of SQL injection attacks compared to other industries. In fact, retailers saw twice as many SQL attacks as other industries, the report said.

The U.S. led in every attack request category except for three, one in which China had the most unique attacking hosts for comment spam and two others  in which Senegal had the most email intrusion requests and unique hosts carrying out email intrusion attacks.

Despite coming in second for attack hosts in comment category and third for both email intrusion requests and unique attack hosts, the U.S. led every category in terms of where the attack HTTP requests originated and how many distinct hosts it housed. In terms of attack requests, the U.S. (82 requests) beat out France (22 requests) for remote file inclusion attacks, it (803 requests) beat out China (46 requests) in the SQL injection category, it beat (594) out the Philippines (26) in directory transversals, it (20) beat out France (11) for local file intrusions, and it (42) beat china (5) in the comment spam category.

In terms of the number of unique attack hosts per country, the U.S. led Brazil in remote file inclusion attack hosts, China in SQL injections, China in directory transversals, and France in local file inclusion. Senegal and Ivory Coast bettered the U.S. as email intrusion attack hosts and China bettered the U.S. as a host of comment spam attack.

 attack hosts per countrr

Over a six month period, attackers targeted one unnamed Web application on 176 of 183 days. However, among those analyzed, 12 attack days was the median number, meaning that there were equal number of applications that experienced attacks on more than 12 days over that period as there were those that experienced attacks on less than 12 days over that period. The median attack duration lasted five minutes, but one attack lasted 935 minutes.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.