Imperva WAAR Report Shows Increase in Attacks on Amazon Web Services

There is an alarming increase in the number of hacking attempts launched from Amazon’s cloud based servers, as shown by the WAAR report by Imperva.


Photo: Gil C / Shutterstock

Cloud systems are quite popular with cyber criminals because they have several flaws that a smart hacker can easily exploit. Also, in spite of their huge popularity, cloud-based storage systems do not have a reliable security infrastructure to protect the data they store. This makes a hacker’s job a whole lot easier.

Imperva’s Web Application Attack Report (WAAR) says that Web application attacks are growing in number. What is particularly worrying is the fact that the majority of these attacks are launched from cloud-based infrastructure as a service (IaaS) platforms.

The report also states that 20 percent of all vulnerability exploitation originated from Amazon’s web services. Amazon web servers were also the target of 10 percent of SQL Injection attacks noticed by Imperva.

Imperva also analyzed spammy web traffic recorded by its monitoring system over a nine-month period. Between April 2013 and April 2014, they noticed a significant rise in malicious traffic. Remote File Inclusion attacks and SQL Injection attacks were the most common methods used to infiltrate systems.

Attacks have also become much longer in duration. In fact, they are now 44 percent longer than what they were during the period discussed in the previous WAAR report.

Research director Itsik Mantin said that these longer attacks are proof of the determination of the attackers. They are now ready to invest more time and resources to succeed. In some cases, Imperva noticed attack campaigns on specific applications that would last for months with attack trials being launched every hour. In such cases, the attackers may have been looking for changes in that application, which would offer the vulnerability they needed.

Another noticeable trend is the increase in the number of hacking attempts launched on sites protected by authentication systems. Cyber criminals find these websites quite attractive because they generally contain sensitive data like consumer information.

In fact, the report states that the websites using log-in functionality are the targets of 59 percent of all application attacks. They also suffer almost 63 percent of SQL injection attacks. Hackers mainly target the retail industry, and thus retail websites are the worst hit by web application attacks. They were the target of 40 percent of SQL injection attacks and 64 percent of all spammy HTTP traffic. About 10 percent of attacks were aimed at financial institutions. PHP applications are three times more vulnerable to XSS attacks than .NET applications.

WordPress is the worst hit CMS platform. WordPress sites had an increased risk (24.1%) of attacks than sites running other platforms. In addition, the report states that websites running WordPress suffer about 60 percent more Cross Site Scripting (XSS) attacks than other CMS platforms combined.

The United States is the principal source of all web application attacks. When it comes to cross site scripting attacks, the UK is the number one source. A majority of targets are also located in the United States.

Imperva concluded its WAAR report by emphasizing the need for companies to keep themselves informed about the threats they face. Hackers are becoming more sophisticated. If the security infrastructure does not rise up to the challenge, companies and individuals will suffer huge losses.