Imperva Inc. : Retailers Suffer 2X More SQL Injection Attacks than Other
Industries; One Application Attacked an Average of 26 Times per Minute
LEWIS PR for Imperva
Imperva's Fourth Annual Web Application Attack Report
Finds U.S. the Number One Source of Web Attacks
REDWOOD SHORES, Calif. - July 23, 2013 - Imperva (NYSE: IMPV), a pioneer and a
leader of a new category of business security solutions for critical
applications and high-value data in the data center, released today the
results of the fourth annual Imperva Web Application Attack Report (WAAR),
which reveals that retailers suffer twice as many SQL injection attacks as
other industries. Additionally, these attacks were more intense, both in terms
of number of attacks per incident and duration of each incident. In fact,
retail applications received an average of 749 individual attack requests per
The report also shows that some applications are constantly under attack and
that the U.S. has maintained its position as the number one source of web
"While most of the 70 web applications monitored were attacked a significant
amount, some received an astounding number of attacks -- with one application
receiving up to an average of 26 per minute," said Amichai Shulman, CTO,
Imperva. "While these findings undeniably demonstrate that web application
attacks are far from consistently distributed, the takeaway is that
organizations should base security measures on the worst case scenario, not on
the average case."
The WAAR, created as part of Imperva's ongoing Hacker Intelligence Initiative,
offers insight into actual malicious attack traffic of 70 web applications
over a six-month period to reveal the underlying distribution of attacks, and
give an accurate picture of today's application threat landscape. To achieve
this, Imperva matched events to known attack signatures, compared attack
sources to black lists of malicious hosts, and reviewed specific attributes of
malicious traffic. The WAAR outlines the frequency, type, and geography of
origin of each attack to help security professionals prioritize vulnerability
Highlights from the report include:
* Retailers suffer twice as many SQL injection attacks as other industries:
Analysis revealed that SQL injection attacks on retail applications
consisted of more HTTP requests and lasted longer than SQL injection
attacks on other applications. This finding can be attributed to the
design and size of the applications. For example, it is plausible to
assume that retail applications contain a relatively large number of pages
in the form of online catalogs, and that this factor may have contributed
to the length and the intensity of SQL injection attacks.
* Most web apps monitored receive four or more attacks per month: A typical
application experienced 12 "battle" days; that is, days in which at least
one attack incident occurred. By comparison, the worst case scenario saw
176 battle days in the six months observed -- meaning the application
suffered attacks almost every day within this time period, with one
application attacked on average as many as 26 times per minute. Another interesting
finding is that while the typical attack incident lasted around five
minutes, the worst-case incident was about 100 times longer, lasting more
than 15 hours.
* The US is the number one source of web attacks: The majority of requests
and attackers originated in the United States, Western European countries,
China and Brazil.
"We believe that, with the current threat landscape, organizations can no
longer afford to take an every-man-for-himself approach to security," said
Shulman. "This report demonstrates that the automation and scale of attacks
leave a large footprint that can be better addressed by looking at data
gathered from a large set of potential victims. Thus it is important to rely
on one's peers to acquire intelligence on malicious sources and apply this
intelligence in real time."
For a full copy of the Web Application Attack Report, please
Imperva is a pioneer and leader of a new category of business security
solutions for critical applications and high-value data in the data
center. Imperva's award-winning solutions protect against data theft, insider
abuse, and fraud while streamlining regulatory compliance by monitoring and
controlling data usage and business transactions across the data center, from
storage in a database or on a file server to consumption through applications.
With over 2,400 end-user customers in more than 75 countries and thousands of
organizations protected through cloud-based deployments, securing your
business with Imperva puts you in the company of the world's leading
organizations. For more information, visit www.imperva.com, follow us on
Twitter or visit our blog.
© 2013 Imperva, Inc. All rights reserved. Imperva and the Imperva logo are
trademarks of Imperva, Inc.
# # #
This announcement is distributed by Thomson Reuters on behalf of Thomson
The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and other
applicable laws; and
(ii) they are solely responsible for the content, accuracy and originality of
information contained therein.
Source: Imperva Inc. via Thomson Reuters ONE