According to a new report from Positive Technologies, cybercriminals are increasingly attacking the web applications of banks and e-procurement platforms for quick financial gain. In addition, hacking e-procurement sites offers lucrative opportunities for reselling information, such as competitors' bids. Statistics in the report are drawn from pilot deployments of PT Application Firewall at companies and organizations in diverse sectors.
The fourth quarter was consistent with previous quarters: Cross-Site Scripting and SQL Injection remained the most popular attacks, together accounting for nearly half of the total.
As reported previously, hacker activity trended upward during the afternoon and evening. Most of these attacks were targeted at web users, who are usually most active during these hours.
Throughout the morning and night, by contrast, attackers are often trying to evade detection by security staff with their guard down.
When attempting Remote Code Execution, hackers are not necessarily hoping to gain LAN access, bring an application offline, or obtain sensitive data. Sometimes they have something entirely different in mind, said Positive Technologies analysts. One recent incident involved malware for mining Monero cryptocurrency, which was planted on the online appointment booking system of a government health agency. A successful web application attack may have been the cause.
The average number of daily attacks in Q4 fluctuated between 200 and 300, rarely dipping below 100. Attacks tended to lighten by the end of the week, but peaks could happen at nearly any time, including on the weekends.
Among pilot deployments, the maximum number of attacks recorded in 24 hours against a single company was 34,629.