Download the Fall 2012 Alert Logic Cloud Security Report
Twice a year our partner, Alert Logic, analyzes its customer intrusion detection data to see what kinds of threats people are really experiencing, and there are some interesting findings this time around. As in the past, they find that web application attacks like SQL injection and cross-site scripting are among the biggest problems customers face. In this Fall 2012 report, they also identified the tools that criminals used to launch the attacks, and found that two-thirds of them are now relying on automated tools, things like Havij, a favorite of Anonymous, which can be easily downloaded.
Some quick points covered in the report:
Web Application Security:
Half of all customers experienced web application attacks.
Two thirds of all web application attacks are launched using easily available automated tools – making them easier for less skilled attackers to find and use.
On-premise customers who experienced web application attacks were attacked more than twice as often as service provider customers.
Web application attacks are the most common type of incident in service provider hosted environments.
Cloud vs. On-Premise Attacks:
The types of attacks that occur are similar for customers in on-premise and service provider environments, but on-premise customers experience each type of attack more frequently.
Malware/botnet activity is common in on-premise deployments but rarely detected in cloud and hosted customer environments.
On-premise customers experienced a slightly broader range of attacks (2.9 average incident types) than service provider customers (2.1 average incident types).
Web application attacks and reconnaissance activity are more common in service provider environments.
Industry isn’t a strong determinant of the types of attacks that customers experience; the type of IT infrastructure is more important.
The majority of attacks from China were brute force attacks, whereas in the US, Germany, and UK, web application attacks are prevalent.
Asia is the source of high levels of reconnaissance activity, likely searching for vulnerable targets for follow-on attacks.