Attackers turn sights on healthcare websites
Interestingly, Local File Inclusion accounted for a high percentage of attacks in this sector: 33.3%, far above the average seen across all sectors (10%). This technique is often used by hackers to hijack web applications and host malicious files on trusted websites with the specific goal of spreading malware. A similar attack was used in October to distribute Bad Rabbit ransomware through a fake Flash Player download from media sites.
Positive Technologies’ research analysts believe the attackers are determined to abuse the trusted status of healthcare websites, which has a domino effect: the types of vulnerabilities exploited often lead to malicious files being placed on visitors’ machines, which can then lead to data theft or worse. Analysts also found that it took three days on average for exploitation of a vulnerability to begin after publication, but there are certainly exceptions. For example, after the details of the Optionsbleed vulnerability in Apache web servers were revealed, it took only three hours for the first exploit attempts to begin.
The most widespread attack in Q3 was SQL Injection (25.5 percent), which allows a successful intruder to obtain unauthorized access to sensitive information or execute OS commands. Cross-Site Scripting came in second (22.7 percent), and these two methods accounted for almost half of all attacks against web applications monitored in this period. In addition to the focus on healthcare, the percentage of Local File Inclusion attempts increased across the board to 10 percent. Compared to the previous quarter, the number of high-severity attacks, such as Remote Code Execution and OS Commanding (8.2 percent), also doubled. These tactics give an intruder the chance to obtain full control over the server hosting a web application.
The report also shows that web applications, on average, were hit by 500-700 attacks per day, and the daily count only rarely dipped below 200. The data also shows that hackers did their best to leverage opportunities that offered greater benefits. For example, they launched attacks not only on workdays but also on weekends. The number of attacks per day peaked at 4,321, with attack intensity rising in both daytime and evening hours.