Application-layer attacks against enterprises are growing quickly, with SQL injection attacks leading the way, accounting for nearly two-thirds of all application attacks, according to new data from Akamai.
Since November 2017, Akamai’s customers saw more than 2.5 billion SQL injection attack attempts, a number that far outstrips any other single type of application-layer attack. SQL injection attacks, which attackers use to pass commands to a back-end database through applications, are by no means new and generally are well understood by defenders. But SQL injection vulnerabilities are still quite prevalent in web apps, and can be highly valuable to attackers, depending upon what app is the target.
Akamai’s data, which is part of the company’s new State of the Internet Security Report, shows that attackers are continuing to use SQL injection broadly. The main reasons for this is because they work well and are not overly complicated to execute.
“The growth of SQLi as an attack vector over the last two years should concern website owners. In the first quarter of 2017, SQLi accounted for 44% of application layer attacks. This actually represented a rather large drop from the previous baseline, which was historically slightly over 50%. While every application attack vector is stable or growing, none are growing as quickly as SQLi,” the Akamai report says.
SQLi attacks specifically and app-layer attacks in general hit organizations around the world, but enterprises in the United States saw far more of the attack attempts than did businesses in any other country. About 67 percent of all app attacks targeted U.S. organizations, with the U.K. coming in a distant second. The U.S. also was the top source country for app level attacks, accounting for nearly 1 billion attacks.
“When we look at where application attacks originate, the traffic is much more evenly distributed around the globe. The United States maintains an unhealthy lead as the biggest source of these attacks, but Russia, the Netherlands, and China all show significant amounts of alerts originating from their countries,” the report says.
“It should be noted that ‘source country’ designates where the traffic is coming from and does not necessarily indicate where the actual attacker is located. Smart attackers take significant steps to hide where they’re coming from, and are also unlikely to show up in Top 10 lists, as their attack patterns tend to be much quieter.”
The data that Akamai collected also reveals a huge volume of credential-stuffing attacks, which aim to take over a target victim’s account on a given site or app. These attacks typically use large sets of compromised credentials gleaned from data breaches which are traded and sold in cybercrime forums. Akamai saw 55 billion credential stuffing attack attempts in the 17 months covered in the report, and a large portion of those targeted online games and gaming apps. About 12 billion such attacks hit gaming accounts, and Akamai researchers said the motivation there is the oldest one around: money.
“One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit,” said Martin McKeay, a security researcher at Akamai.
“Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.”