Beware Joomla, et al: An analysis shows that web applications are the soft underbelly of organizations—the chink in the armor that hackers can use to successfully compromise their operations.
That’s the word from Alert Logic, which conducted an analysis of more than 2 million security incidents that were captured and escalated in its systems during an 18-month evaluation period. The resulting 2017 Cloud Security Report found that that web application attacks accounted for 73% of all the incidents flagged. These affected 85% of all Alert Logic customers, with injection-style attacks such as SQL injection leading the pack.
In comparison, server-side ransomware represented only 2% of total incidents.
“While ransomware gets much mindshare in the cybersecurity industry and in media headlines, it accounted for only a small number of observed security incidents in the data set,” the report noted.
“We focused our analysis on incident types and the workloads and environments most at risk,” said Misha Govshteyn, senior vice president of Technical and Product Marketing at Alert Logic. “Cyber-attackers continue to seek the weakest spots in network defenses, and businesses need to understand how they are refocusing to take advantage of the changing attack landscape.”
The Alert Logic customers in the report data set represent a broad range of industries (452 unique SIC codes) and organization sizes, from small-to-medium-sized businesses to large-scale enterprises. About 82% of customer deployments analyzed hosted workloads in the cloud—either on an infrastructure-as-a-service platform or hosted private cloud—and approximately one-third maintained on-premises or cloud hybrid infrastructure.
The report showed that pure public cloud installations experienced the fewest security incidents. On average, customers running applications on public cloud platforms experienced 405 security incidents over the 18-month period, while on-premises customers experienced a 51% higher rate of security incident escalations (612), hosted private cloud 69% higher (684) and hybrid cloud 141% higher (977).
The results also showed that bad actors like content management systems and e-commerce platforms.
“Vulnerabilities in ubiquitous third-party web application components, insecure coding practices and increases in exploit automation make content management systems and e-commerce platforms rich hunting grounds for hackers targeting web applications,” said the report. “Attacks targeting the Joomla content management system (CMS) accounted for 25% of total web application attacks observed followed by WordPress with 10% and Magento with 7%.”