A report published by security firm Imperva showed that, during the first half of 2015, the number of attacks on Web applications grew tremendously, with a special focus on SQL injection and XSS exploits.
Imperva’s Web Application Attack Report (WAAR) includes data from January 1 to June 30, 2015, and the team analyzed 24,158,771 alerts, which yielded data on 297,954 Web attacks, recorded for 200 Web applications protected by the company’s security products.
The report analyzed seven generic attacks and the Shellshock exploit, which was very active during the time the report’s data was collected. The seven generic attacks were SQL injection (SQLi), Remote File Inclusion (RFI), Directory Traversal (DT), Cross-Site Scripting (XSS), Comment Spamming (spam), Remote Command Execution (RCE), and Unauthorized File Uploads (FU).
The results show that Web attacks grew compared to 2014, and the biggest rises were seen for SQL injections, which grew 3 times, and XSS attacks, which grew 2.5 times.
Every Web application was scanned for the Shellshock vulnerability
Almost 150 of the 200 Web apps included in the report registered all of the eight attack vectors. Attackers scanned for the Shellshock vulnerability on all of the 200 apps.
A large part of the attacks were recorded on Web applications running on a standard CMS (Content Management System) platform. These attacks were 3 times more often on CMSs when compared to non-CMS applications.
WordPress, in general, was attacked 3.5 times more often than non-CMS applications. The most popular attacks on this platform included RFI and spam, which were almost 7 times bigger than for non-CMS applications.
“CMS frameworks have an open nature, with open developer communities that generate never-ending sequence of plug-ins and add-ons, with varying level of security,” Imperva experts explained. “This situation has led to corresponding never-ending flow of CMS vulnerabilities, with WordPress as the leading CMS taking the lead also in the amount of published attacks.”