Security Firm Trustwave Releases Web Hacking Incident Report

A pie chart of the top methods of Web hacking attacks.

(WEB HOST INDUSTRY REVIEW) — Information security and compliance solutions provider Trustwave (www.trustwave.com) announced on Friday it has released its Web Hacking Incident Database semiannual report, which is based on the results of a database of Web application-related security incidents.

The report analyzes the business impact of online application security attacks and reviews compiled data from January 2010 through June 2010.

Trustwave certainly has a vested interest in releasing such a report since its primary business is in providing on-demand data security and payment card industry compliance management solutions to businesses and organizations.

The Web Application Security Consortium worked on the project under the leadership of SpiderLabs researcher Ryan Barnett.

The report is compiled by SpiderLabs, the advanced security team at Trustwave that handles application security, incident response, penetration testing, physical security and security research.

What makes this particular report unique is that it focuses on the impact of the security attack instead of the technical aspect of the incident.

The incidents compiled in WHID have all been publicly reported, are associated with Web application security vulnerabilities and have an identified outcome.

Based on these restrictive criteria, there are only 158 incidents included in WHID for the first half of 2010.

Perhaps the most notable trend for the first half of 2010 was the significant increase in targeted attacks against the financial vertical market.

This can mostly be attributed to cybercriminals targeting the online banking accounts of small to medium businesses.

There was also a rise in the use of banking Trojans, which steal authentication information such as bank account passwords.

The report also analyzes the drivers for Web hacking incidents. Leakage of information was the top driver, alongside defacement of websites and monetary loss driven by profit-seeking cybercriminals.

“These attackers are professional criminals who are developing new ways to generate revenue from compromising Web applications,” says Robert J. McCullen, chairman and CEO of Trustwave. “By extracting sensitive customer data from these e-commerce websites, the information can be sold on the underground black market for significant gain, resulting in identity theft and fraud.”

Individuals or businesses can download a copy of Trustwave’s WHID Report, or join Trustwave on September 16 for a webinar that looks at the WHID report and identifies trends, statistics and how to defend against such attacks.
