You are here

Study finds rise in Web malware attacks, merchants more vulnerable during holiday season

BOTNETS and the malicious software (malware) used to control them continue to wreak havoc on Web applications, with attacks rising significantly in both quarterly and yearly timeframes, a security report has found.

Web application attacks rose by 30 per cent in the third quarter of 2017 compared to the second quarter, and rose by 69 per cent in total compared to the year-ago period.

Out of these digital assaults, attacks originating from the US saw a 217 per cent rise, with a 48 per cent increase in the third-quarter alone compared to the second quarter.

The holiday season is also expected to exacerbate attacks, with merchants more likely to succumb to extortions during the critical shopping period than at other times of the year.

Market voices on:

According to data from cloud delivery platform Akamai - which compiled the security report - SQL injection (SQLi) is still the most used attack method. Such incursions increased by 19 per cent from the second to the third quarter this year, and by 62 per cent from last year, topping the list of vulnerabilities ranked by the Open Web Application Security Project (Owasp).

SQLi refers to the exploitation of a security weakness in a website or piece of software by attackers, allowing them to inject malicious codeand take control of - or even destroying - data.

Akamai's report says the still-spreading Mirai botnet, which targets IoT (Internet of Things) devices, combined with the malware WireX which attacks Android phones, highlights the "vast potential" for future recruitment of botnet swarms or zombie devices controlled by malware.

"The lure of easy access to poorly-secured end nodes and easily-available source code make it likely that Mirai-based attacks won't be fading in the near future," said Martin McKeay, senior security advocate and senior editor of the State of the Internet/Security Report, adding the ubiquity of Android software and growth in IoT devices amplifies "the risk/reward challenges that enterprises face to tremendous levels".

"It would not be surprising if, during this holiday season, we see new attacks such as those based on IoT devices or mobile platforms," Mr McKeay added.

Separately, Akamai found that the number of distributed denial of service (DDoS) attacks in the third quarter increased by 8 per cent from the previous quarter, with the average number of attacks per target increasing by 13 per cent to 36.