WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems
WordPress is the most attacked web application and websites that run the content management system (CMS) are attacked 24% more often than those using alternative systems.
The most recent annual Web Application Attack Report (Waar) from security supplier Imperva – which covered the period from 1 August 2013 to 30 April 2014 – also revealed WordPress suffers 60% more cross-site scripting (XSS) incidents than all other CMS-running websites combined.
As of February 2014, 74.6 million websites depend on WordPress, including The New York Times, CNN, Mashable and eBay, according to Imperva.
In March 2014, security researchers uncovered a distributed denial of service (DDoS) attack that used more than 162,000 legitimate and unwitting WordPress websites.
By sending spoofed web requests that appeared to come from the target site, the attacker was able to trick the WordPress servers into bombarding the target site with traffic, effectively knocking it offline.
The report also revealed retailers are the biggest target of web attacks, with just over 48% of all attacks aimed at them. Financial services was the next biggest target with 10% of attacks aimed at the sector.
More on cyber security
- Imperva finds old PHP vulnerability still being exploited by attackers
- More than 162,000 WordPress sites used in DDoS attack
- WordPress boosts security with authentication service
- CMS security recommendations for Drupal and WordPress
The Waar said websites that require a login – and therefore hold customer data – accounted for 59% of all attacks, and 63% of all structured query language injection (SQLi) attacks.
Compared with Imperva’s previous study – which analysed the period from 1 June 2012 to 30 November 2012 – SQLi attacks were up by 10%. Remote file inclusion (RFI) attacks increased by 24% and were 44% longer.
Most attacks originate in the US, according to the report.
Imperva CTO Amichai Shulman said after years of analysing attack data and origins, one of the things proposed in the report is attackers from other countries are using US hosts to attack, because they are geographically closer to targets.
“Looking at other sources of attacks, we were also interested to find infrastructure-as-a-service (IaaS) providers are on the rise as attacker infrastructure. For example, 20% of all known vulnerability exploitation attempts have originated from Amazon Web Services (AWS).
"They aren’t alone – with this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised. Attackers don’t discriminate when it comes to where a datacentre lives,” he said.