A report released today by security company Minerva shows that businesses are attacked every two minutes through web applications, with automated attacks peaking at 25,000 per hour.
The Web Application Attack Report (WAAR) revealed that web applications were attacked 27 times in any one hour, which equates to an attack every two minutes. The report investigated attacks over the period between December 2010 and May 2011.
However, the figures increased significantly when companies came under attack from automated assaults.
“The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses,” said Amichai Shulman, Lead Researcher and Imperva CTO.
“The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can’t automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact.”
The company monitored 10 million individual attacks across the internet involving 30 government and enterprise applications. The report outlines the type of attack carried out, its origins and geography in order to better help security companies to address vulnerabilities.
“Most security research focuses on vulnerabilities, and while this insight is extremely valuable, it doesn’t always help businesses prioritize their security efforts,” said Shulman.
“It’s impossible to have effective risk management without understanding which vulnerabilities are most likely to be exploited.”
61% of the attacks came from within the US, the report showed, although it was often unclear where they were controlled.
Attacks from China constituted 10% of the traffic, followed by France and Sweden. However, the geography was seen to be “less than reliable” – 29% of the attacks were from the same active sources.
Cybercriminals are becoming increasingly harder to track down too, the report showed that it is more difficult to pin attacks on “specific entities or organisations”.
Imperva will host a webinar in September to review the findings – to register for the event, click here.