Security Slideshow: Web Security Threats Morph As Exploit Toolkits Become Widespread
By Don Reisinger | Posted 05-03-2012
Since 2006, new vulnerabilities in commercial applications have been on the decline, and they fell by 20 percent in 2011 compared to 2010, according to HP.
Although a decline in new vulnerabilities might indicate more safety, HP revealed in its Top Cyber Security Risks Report that exploits have simply gone elsewhere, including to custom-built Web applications.
It gets worse. According to HP, the number of attacks hitting the Web more than doubled in the second half of 2011, pushing the total to over 500,000 for the year.
There were 480,000 attacks in 2010, up significantly from the 250,000 attacks tallied in all of 2009.
About 24 percent of attacks that did land on commercial Web applications carried a severity rating of 8 to 10 out of 10.
Commercial Web Apps
All told, 36 percent of all vulnerabilities came by way of commercial Web applications last year, according to HP's report.
HP found that 86 percent of Web apps are vulnerable to an injection attack that lets hackers take control over internal databases on a Web site.
Cross-site scripting accounted for about 10 million attacks in 2011. In 2010, it tallied about 25 million attacks.
Russia is the top source for attacks, tallying more than 4,000 distinct sources in 2011, according to data from HP's threat report.
Web exploit toolkits, purchased and traded online, let hackers access enterprise IT systems to steal mission-critical data. In November 2011 alone, over 80 percent of such attacks successfully infected systems.