Jul 27, 2011 15:59 GMT

Hackers have favored directory traversal vulnerabilities in their attacks this year, alongside the better-known cross-site scripting (XSS) and SQL injection flaws.

According to a report by data breach prevention firm Imperva, which analyzed ten million attacks against web applications between December 2010 and May 2011, directory traversal vulnerabilities were exploited in 37% of attacks.

XSS weaknesses came next, being leveraged in 36% of the analyzed attacks, followed by SQL injection vulnerabilities with 23% and remote file inclusion flaws with 4%.

"These findings very much mirror the approach used by hacking groups such as Lulzsec and Anonymous whose attacks largely focus on data theft via application attack.

"Our findings and the recent spate of high profile data breaches highlight how the battlefield has shifted to applications and databases and away from network firewalls and anti-virus," the company said.

Of course, most of the time several types of vulnerabilities were exploited together in a single attack to expand the attacker's access on the targeted systems.

According to Imperva's findings, websites are attacked 27 times per hour on average; however, some automated attacks can peak at almost 25,0000 hits per hour.

"The level of automation in cyber attacks continues to shock us. The sheer volume of attacks that can be carried out in such a short period of time is almost unimaginable to most businesses," said Imperva's CTO Amichai Shulman.

"The way hackers have leveraged automation is one of the most significant innovations in criminal history. You can't automate car theft, or purse stealing. But you can automate data theft. Automation will be the driver that makes cyber crime exceed physical crime in terms of financial impact," he added.

The United States is the primary source for these attacks, with most bots and infected computers used in such activities being located in the country. This makes it hard to trace attacks to specific organizations or groups.