Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

DDoS Attacks Up 22 Percent In Second Half Of 2010, Study Says

Denial-of-service has become top attack vector, according to Trustwave report

Distributed denial-of-service (DDoS) attacks have become the top vector for attacking websites, according to a report released today.

DDoS attacks jumped to the No. 1 attack vector, up 22 percent over the first half of 2010, according to Trustwave's second-half 2010 Web Hacking Incident Report.

"Based on our report, website downtime is far from the traditional intended outcome of a [DDoS] attack, which is typically hacking for profit," the report says. "As a result, most businesses were not equipped to handle such an attack because they had not tested, nor properly implemented, anti-automation defenses for their Web application architecture.

"Our study found that most businesses wrongly assume that network hardware will stop DDoS attacks, or believe their website will not be targeted by such attacks," the report continues. "But the increase in this attack vector proves that businesses, both large and small, should test their website limitations to better understand how their applications will respond to such an attack."

Attacks against government agencies resulted in defacement in 26 percent of attacks, while the finance sector experienced monetary loss in 64 percent of attacks. Retail was most affected by credit card leakage (27 percent).

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26246
PUBLISHED: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.