Web application attacks rise 16 percent in Q2 2016
Cloud services provider and content network Akamai Technologies recently released its latest State of the Internet report, this one for the second quarter (Q2) of 2016.
According to Akamai’s Q2 2016 State of the Internet Security Report, web application attacks increased moderately on a quarterly basis. Overall, there was a 14 percent rise from the first quarter (Q1) of 2016 to the second quarter (Q2) of 2016.
New top source country
In Q1 2016, the U.S. sat atop the list as the top source country for web application attacks, but there was a 13 percent decrease in Q2. Brazil had a 197 percent increase in sourced attacks quarter-over-quarter, and ended up supplanting the U.S. as the top source country.
Web Application Attack: A type of cyber attack that typically involves either cross-site scripting (XSS) or injection actions. This type of attack typically targets flawed coding or otherwise insecure web applications.
— StateOfTheInternet (@akamai_soti) September 29, 2016
Trends in web application attacks
Attackers launched more than three-quarters (77 percent) of all web application attacks in Q2 over HTTP versus HTTPS (23 percent).
Akamai noted that attacks are likely less common against encrypted (HTTPS) sections of websites simply because there are “so many tempting targets on HTTP pages.” There was a 7 percent decrease in web app attacks on HTTPS in Q2.
Additionally, nearly two-thirds (64 percent) of all web app attacks in Q2 targeted U.S. websites.
Attacks in Q2 targeted the retail industry more often — 40 percent of all attacks — than any other industry. Other heavily targeted industries included hotel & travel (21 percent), financial services (11 percent) media & entertainment (5 percent), the public sector (5 percent), and high technology (5 percent).
According to Akamai, nearly a third (32 percent) of all web application attacks utilized anonymization tools to mask identities. The use of these type of tools makes tracking attackers much more difficult.