Hackers Target Web Apps, CMS and E-commerce Platforms, Alert Logic Says

Web applications are the security “soft underbelly of organizations,” new research from security-as-a-service provider Alert Logic tells us.

In Alert Logic’s study, entitled 2017 Cloud Security Report, the company said it analyzed two million security incidents from some 3,800 cloud, on-premises and hybrid cloud customers over an 18-month period, from August 1, 2015 to January 31, 2017.

Web application attacks accounted for 73 percent of all the incidents flagged during the 18-month evaluation period, affecting 85 percent of all Alert Logic customers, with injection-style attacks such as SQL injection firmly at the top.

Hence, the “soft underbelly” reference to third-party web application components isn’t just a description; it’s a data point, which makes it all the more noteworthy. Bad actors, Alert Logic concludes, see content management systems and e-commerce platforms in particular as fertile attack points.

The mix of unsecured coding and automated exploit tools can give attackers aiming at content management and e-commerce solutions a field day, the company said. For example, attacks targeting the Joomla content management system accounted for 25 percent of total web application attacks. Some 10 percent of attacks hit WordPress, and e-commerce solution Magento experienced seven percent.

Additional high-level findings include:

  • Pure public cloud installations represented the fewest security incidents. On average, customers running applications on public cloud platforms experienced 405 security incidents over the 18-month period while on-premises customers experienced a 51 percent higher rate of security incident escalations (612), hosted private cloud 69 percent higher (684) and hybrid cloud 141 percent higher (977).
  • Interestingly, server-side ransomware accounted for only two percent of total incidents. While ransomware draws an inordinate amount of high-profile attention from security pros and its victims, it accounted for only a small number of security incidents in Alert Logic’s data.

“We focused our analysis on incident types and the workloads and environments most at risk,” said Misha Govshteyn, Alert Logic’s SVP of technical and product marketing. “Cyber attackers continue to seek the weakest spots in network defenses, and businesses need to understand how they are refocusing to take advantage of the changing attack landscape.”

About 82 percent of customer deployments in the study featured hosted workloads in the cloud – either on an Infrastructure-as-a-Service platform or hosted private cloud – and approximately one-third maintained on-premises or cloud hybrid infrastructure.

While the report focuses mostly on the Open Web Application Security Project’s (OWASP) Top 10 attack methods, three others were included: brute-force attacks, server-side ransomware and undesirable outside reconnaissance.

OWASP’s current Top 10 survey, which is focused on vulnerability capabilities, is open for data input through September 18, 2017 to allow for additional data to be collected for analysis.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.