Study: Cross-Site Scripting Nearly 40% of All Online Cyber Attacks in 2019

Nearly three quarters of large companies in Europe and North America were hit by online cyber attacks in 2019, with cross-site scripting used in 40 percent of incidents, according to PreciseSecurity’s research.

It’s an interesting but perhaps somewhat overlooked finding, considering all the headlines that ransomware and phishing command. With more than 74 percent of all cyber attacks hitting websites in 2019, it’s “hackers’ favorite platform to perform attacks globally,” PreciseSecurity wrote in a blog post. WordPress, owing to its large user base, was a prime target in 2019, with nearly all of the platform’s vulnerabilities related to plugins. The second most targeted platform was application programming interfaces (APIs), with nearly 7 percent of global hacking incidents.

As for online attack vectors, cross-site scripting (XSS) attacks inject malicious scripts into otherwise benign and trusted websites. Most XSS attacks use a web application to send malicious code, usually as a browser-side script, to a different end user. According to PreciseSecurity’s data, SQL injection was the second most used attack vector globally at a 13.5 percent share, followed by fuzzing at 7.5 percent, business logic at 6.4 percent and information gathering at 5.8 percent. In fuzzing attacks, hackers find exploitable software bugs by randomly feeding different variants of data into a target program until a vulnerability is found.

The data showed some interesting results about why global hackers target a particular company. Nearly 60 percent named the challenge and the opportunity to learn as the primary reason for launching a cyber attack. Forty percent of hackers perform the attacks because they simply like the company, while 36 percent want to test the security team’s responsiveness.

As for additional targeted platforms, the data show that around 7 percent of hackers choose Android mobile and operating systems. Attacks aimed at downloadable software and the Internet make up about 4 percent of all hacking incidents globally.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.