{"id":3071,"date":"2011-03-17T14:09:38","date_gmt":"2011-03-17T14:09:38","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3071"},"modified":"2015-09-09T19:37:17","modified_gmt":"2015-09-09T11:37:17","slug":"web-hacking-incident-database-shows-dos-attacks-on-the-rise","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/03\/web-hacking-incident-database-shows-dos-attacks-on-the-rise\/","title":{"rendered":"Web Hacking Incident Database Shows DoS Attacks On The Rise"},"content":{"rendered":"

It seems like the formidable Anonymous<\/a> army has managed to change the weighting of stats collected by the Web Hacking Incident Database (WHID) with it’s vast array of DDoS<\/a> attacks.<\/p>\n

We’ve reported on a couple of them like back in December when the WikiLeaks Attacks Caused Rival DDoS Retaliation<\/a>. There have been a whole lot of other attack types going as usual though with SQL Injection<\/a> and XSS (Cross Site Scripting)<\/a> making up the to the top 3 with DDoS Attacks.<\/p>\n

But if you haven’t worried about it before, perhaps now is the time to look into prevention\/protection against denial-of-service<\/a> attacks.<\/p>\n

Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks.<\/p>\n

The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the Web sites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents. Unsurprisingly, the popular goal of causing downtime meant that denial-of-service attacks accounted for about a third of attack types, followed by SQL injection (21 percent) and cross-site scripting (9 percent).<\/p>\n

In many industry reports, denial-of-service is not even on the list, but companies should worry about such brute-force tactics, says Ryan Barnett, a senior security researchers with security firm Trustwave’s SpiderLabs, who manages the WHID project. “You need to re-prioritize because Web servers are actively being targeted with denial-of-service attacks,” says Barnett.<\/p><\/blockquote>\n

Simple tools like Slowloris<\/a> can give even the most robust web sites a big headache. Of course you also have to make sure you are secured against SQL Injection and any other kind of web attacks that can comprise your up-time or data.<\/p>\n

According to the data different industries need to be prepared for different kinds of attacks, obviously skilled attackers will focus different ways of compromising hosts in different sectors.<\/p>\n