DoS Surpasses SQL Injections as Primary Attack Method

Wednesday, March 16, 2011



An ongoing study of web-based attacks by Trustwave's SpiderLabs reveals that denial of service attacks (DoS) have surpassed SQL injections as the number one attack method.

In denial of service attacks, generally a large amount of information is sent to a web server at such high frequency that it overwhelms the processing capacity or causes the system to shut down and reset altogether.

The net effect is that the server can not longer operate correctly and the targeted website is rendered unusable for its primary purposes, such as customer interface or sales.

DoS attacks are low-tech, and the majority of internet servers are vulnerable to the attack method, which makes the tactic increasingly popular.

"Many of these organizations foolishly think that the network security gear that they have to handle the lower level DOSing floods will take care of this and it won't. The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate," said SpiderLabs' WHID project manager Ryan Barnett.

SpiderLabs' Web Hacking Incident Database (WHID) project looked at 222 incidents from 2010, and the findings are as follows - 

The primary motivation for the attacks broke down as:

  • Take down the Web sites (33 percent)
  • Defacement or vandalism (15 percent)
  • Stealing information (13 percent)

The primary attack types broke down as:

  • Denial of Service (33 percent)
  • SQL injection (21 percent) and
  • Cross-site scripting (9 percent)

Barnett advises that businesses redouble their efforts when it comes to preparing to defend against DoS attacks, noting that most industry surveys do not even list the DoS as a threat.

The study also indicates that many attacks use a combination of methods which may vary between industry sectors. Companies should look to defend against the types of attacks that are particular to their market.

"You need to re-prioritize because Web servers are actively being targeted with denial-of-service attacks. The outcomes and attacks and weaknesses are different, so depending on what market you are in, we have a pool of attacks that worked," says Barnett. "So CSOs should pick out examples in their market because those are most applicable to them," said Barnett.


Possibly Related Articles:
Denial of Service SQl Injection DoS Attacks Headlines Cross Site Scripting Website Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.