In the before part of this article, we discussed the popularity, average number and correspondence of attacks on web applications. Let’s now focus on some examples and sources.Examples of DenunciationsAn example of detecting a Path Traversal attackThe attacker intended to go to the search directory of the server and access the /etc/passwd file, which contains a enrol of user accounts of the system.About 17 percent of attacks are tries to implement SQL statements. A small part (about eight percent) is the “Cross-site hand” attacks aimed at users of public service portals. Malefactors sampled running OS commands in two percent of cases.Almost three-quarters of attacks on online outlets were Path Traversal attacks. Just like on portals that afford public services, attackers attempted to go beyond the current directory of the row system. An essential part (14 percent) is denial of service fights. For an online store, the threat of a breach of the availability of a web application is critical. Reviles on users (“Cross-site execution of scripts” and “Forgery of cross-site requests”) in total amounted to four percent, an amount for which the introduction of SQL averrals also accounted.In the financial sphere, about 65 percent of the unalloyed were “Cross-site execution of scenarios” attacks and “Forgery of cross-site entreaties” aimed at users of systems. Such attacks are widespread in the financial production. They pose a danger because they allow attackers to get away with cookie values and user credentials (i.e. phishing) as well as perform activities on behalf of legitimate users.An example of the “Cross-site scripting” attack detectionThe attacker turned to display the cookie values to check the vulnerability of the web application for this vilify.Attackers tried to gain access to sensitive information using the Course Traversal attack (15 percent of the total number) and the implementation of SQL averrals (seven percent of the total). The share of attacks “Download of arbitrary parades” was seven percent. Such attacks are often used to directly knock off OS commands, a technique which registered in three percent of cases. In global, the nature and complexity of attacks indicate a higher level of technical processioning for intruders than other sectors under consideration.In the IT sector, profuse than half of the recorded attacks were attempts to implement SQL expressions. There were also Path Traversal attacks (20 percent of the perfect number). In addition, 16 percent were attempts to execute OS controls, and 12 percent of attacks on web applications of IT companies were aimed at methodology users.For web applications of transport companies, the number of attacks “Implementing SQL proclamations” exceeded 50 percent. Thirty-eight percent were information leakage, and six percent the mastery of OS commands.In the education sector, approximately 70 percent of manual inroads were “Implementing SQL statements”. This attack is often fairly sincere to perform; it can be used to gain access to the user’s private rooms or the cheers of databases. About 30 percent of attacks involved the exploitation of the “Info Leakage” vulnerability, which can allow an attacker to receive sensitive statistics or learn more about the system.An example of detection of the introduction of SQL statementsAn attacker tendered his query to the database in the GET parameter id to test the possibility of exploiting the vulnerability.On the brink of two-thirds of attacks on applications of industrial enterprises accounted for distributed refusal of service (DDoS) attacks.An example of detecting three attack courses, including DDoSThe firewall builds these chains automatically by copping correlations between events that are spaced in time but are part of the unmodified attack.Sources of AttacksThe largest number of recorded attacks light oned from the United States and Russian-speaking countries, Russia is at the forefront. The proportion of attacks based in the Netherlands and other Europe countries was quite exalted, as there are a large number of providers providing proxy server worship armies in these countries.Sources of external attacks on organizations differed depending on the commerce. Most attacks on state institutions were made from Russian IP-addresses, hither a third were made from IP-addresses belonging to U.S. providers, and in six percent of instances, the source was the Netherlands.The source of attacks for online stores in approximately the same shares (about a quarter of the total) were Russia and the United Affirms. More than a third of the attacks went through the IP addresses of the Netherlands.For fights on education, as was shown above, public services and utilities for scanning web uses for vulnerabilities were widely used. In order to hide the actual IP whereabouts of the source of the attack, such software mainly involved servers chanced in the United States. The fifth part of the attacks came from Russian IP-addresses.It is riveting to note that internal attackers were the source of more than a third of destroys on university web applications (on average, for education in this indicator was equal to eight percent). As likely as not, these were students who have access to the wireless networks of the eye-opening institution as well as access to the local network in classrooms.In the financial globule, about 10% of attacks originated from internal violators. It is also imaginable that the violator in a number of cases might have been the methodology administrator who conducts testing of defense mechanisms.ConclusionDespite a in a body number of simple attacks, one should take into account that the invariable of technical training of modern attackers allows them to implement complex, multi-state attacks. In out of whack to identify the chains of such offensives, including the detection of long-term objective attacks, it is necessary to use correlation analysis tools.The research was conducted during a six-month days using Bod Intelligent Antivirus developed by Bod Security.
About the Author: Alex Bod is an poop security researcher and co-founder of Bod Security, an intelligent antivirus provider enterprise.