Security Slideshow: Web Security Threats Morph As Exploit Toolkits Become Widespread

By Don Reisinger  |  Posted 05-03-2012

New Vulnerabilities

New vulnerabilities in commercial applications have been on the decline since 2006, and they fell by 20 percent in 2011 compared to 2010, according to HP.


Roving Exploits

Although a decline in new vulnerabilities might indicate more safety, HP revealed in its Top Cyber Security Risks Report that exploits have simply gone elsewhere, including to custom-built Web applications.


Attacks Doubled

It gets worse. According to HP, the number of attacks that hit the Web more than doubled in the second half of 2011, pushing the total to over 500,000 for the year.


Steady Increase

There were 480,000 attacks in 2010, up significantly from the 250,000 attacks tallied in all of 2009.


Severity Rating

About 24 percent of attacks that did land on commercial Web applications carried a severity rating of 8 to 10 out of 10.


Commercial Web Apps

All told, 36 percent of all vulnerabilities came by way of commercial Web applications last year, according to HP's report.


Injection Attacks

HP found that 86 percent of Web apps are vulnerable to an injection attack that lets hackers take control of internal databases on a Web site.


Cross-Site Scripting

Cross-site scripting accounted for about 10 million attacks in 2011. In 2010, it tallied about 25 million attacks.


From Where?

Russia is the top source for attacks, tallying more than 4,000 distinct sources in 2011, according to data from HP's threat report.


DIY

Web exploit toolkits, purchased and traded online, let hackers access enterprise IT systems to steal mission-critical data. In November 2011 alone, over 80 percent of such attacks successfully infected systems.
