Web Application Attack Report, or WAAR, an annual report published by Imperva, a data security firm, has revealed that among all content management systems, it is WordPress that is most attacked by cyber crooks. In the 5th annual report from Imperva, experts have come to a conclusion that CMS endures 24% more attacks from cyber criminals than all other content management systems combined. The research team of Application Defense Centre of Imperva compiled this report on the basis if study conducted over a period of one year from Aug 2013 to April 2014.
The report says that WordPress has no doubt been the most popular of content management systems but it is also one system that has been exposed by the hackers because of its vulnerabilities. It seems that hackers around the world focus their attention of WordPress because of its popularity as the commonly deployed content management system fir running websites. Hackers believe that it is more fruitful in terms of returns on investment to focus upon WordPress and they invest their time and effort on this CMS to expose its vulnerabilities.
WordPress running websites did not have a great time last year with more than 1000 such sites being attacked by hackers. These hackers were primarily interested in connecting the users with a criminal botnet so as to make them launch unintentionally a denial of service attacks. One such botnet was uncovered by a security firm called Securi when it was studying the attack on the website of one of its clients. Securi traced the sources to more than 162000 WordPress sites that were totally legitimate.
Concerned by increasing attacks on its websites, WordPress joined hand with parties like Google, Twitter, Mozilla, Edward Snowden, Reddit, etc in their fight against the hackers. These organizations and individuals are a part of the large Reset the Net campaign that aims at protecting the interest of the innocent users of internet and the owners of websites around the world.
PHP remains ahead of ASP in terms of attacks
This was also the year when the annual report called WAAR also included other applications like .NET and PHP in its study. The study found that in comparison to ASP applications, it is PHP that suffers from more than 3 times attacks from the hackers. These are cross site scripting attacks known as XSS attacks. PHP is also enduring 2 times more attacks than ASP applications in terms of directory traversal attacks.
Retail sector bears the brunt of attacks
What is very surprising is the fact that it is the websites with login functionality that have faced more attacks even though there is a belief that are very safe. Nearly 50% of the attacks in the nine month period covered by this study were carried out on websites in the retail sector. Placed second were finance websites that accounted for nearly 10% of the total attacks. In comparison to attacks during the last year, attacks this year have been much longer. As far as sources of attack are concerned, US remains the top source of all cyber attacks.