Crooks love to leverage SQL injection attacks to encrypt databases and hold them for ransom, security firm says

Jun 8, 2016 21:50 GMT

RansomWeb attacks are happening five times more frequently in 2016, compared to 2015, security firm High-Tech Bridge is reporting, based on activity seen on its security products in the past six months.

The term "RansomWeb" describes attacks during which crooks break into a website using various vulnerabilities and encrypt its content. This can be its database or its files, but in the end, crooks notify the site owners that they have to pay a ransom to get their files back.

RansomWeb attacks detected for the first time in 2015

These Web-based ransomware attacks, hence the term RansomWeb, were first seen in January 2015, when High-Tech Bridge was called in to investigate a locked-down phpBB forum.

Since then, the company says, the numbers have grown tremendously, and crooks are using all sorts of vulnerabilities to break into websites and carry out such attacks.

High-Tech Bridge says that, in most cases, the hackers' favorite entry point is an SQL injection. These are severe vulnerabilities because attackers can quickly escalate their access from an SQL database and get control of the whole server.

60% of all websites contain a vulnerability

As part of a general overview of Web application security, which the company is presenting at this year's Infosecurity Europe 2016 conference, High-Tech Bridge also says that, overall, Web attacks are becoming more sophisticated, and criminals are combining different vectors to ensure they reach their desired goals.

High-Tech Bridge adds that three in five websites or APIs contain at least one security flaw, and if a service has an XSS vulnerability, in 35 percent of cases, it hides multiple others as well.

HTTPS usage stats still depressing

Furthermore, High-Tech Bridge, which also runs an HTTPS scanning service, says that only 24.3 percent of websites use proper SSL/TLS configurations, and only 1.38 percent are fully NIST compliant.

Worrying is the fact that 97 percent of all scanned websites are using the insecure TLS 1.0 protocol, soon to be deprecated in 2018, and that 23 percent are using the ancient SSLv3 protocol.

Webmasters who realize they run vulnerable websites usually employ a WAF (Web Application Firewall) to safeguard their properties against exploitation.

On average, High-Tech Bridge says that websites protected by a WAF often hide 20 percent more vulnerabilities. Unfortunately, this doesn't keep them safe, and the company is reporting that three out of five vulnerabilities can be leveraged despite the presence of a WAF.