- There has been a 14 percent increase in overall web application attacks from Q1 2016 to Q2 2016, while healthcare web application attacks have also increased in the past year, according to recent research from Akamai.
DDoS attacks also increased from Q1 to Q2 of this year, going up by 9 percent, the Q2 2016 State of the Internet Report found. However, there was an average of 27 DDoS attacks per target in Q2, which is lower than the average of 29 attacks per target in Q1. The hardest hit target was attacked 373 times.
With these types of attacks, outside parties try and flood systems using a variety of connections to overwhelm the system. Hackers can use programs or bots to generate numerous attacks, which can hinder organizations from blocking one IP address and shut down a specific process.
In a healthcare DDoS attack, providers could be prevented from accessing patient information. Hackers could also gain unauthorized access to PHI.
The report showed that the pharmaceutical/healthcare industry accounted for 0.31 percent of web application attack triggers in Q2. Even so, there were 899,827 attack triggers, which is three times higher than Q2 2015. This shows that the industry is increasingly being targeted, as medical records are extremely valuable on the black market, the report’s authors explained.
Overall, the US was the highest target of web application attacks at 64 percent, an increase from the 60 percent in Q1.
“Given that many companies have their headquarters and IT infrastructure in the US, this is not surprising,” the report stated. “Many of the major virtual private server (VPS) / hosting providers are based in the US, which plays a valuable role in obfuscating the actor’s identity while conducting Internet crimes.”
The report also looked at average number of attacks per target. The average number for Q2 was 27, which is a negligible change from the 29 average in Q1 2016. However, as previously mentioned, there was one organization that suffered a total of 373 attacks.
“While most of these attacks were of relatively short duration and limited effect, the repeated hammering of the site was a serious threat to the organization,” wrote the report’s authors. “High value sites are attacked more frequently, because even a slight weakening in their defenses may reward the attacker with a significant return on the time spent.”
There is no indication that these types of attacks will decrease in frequency, the report concluded. The size of the largest attacks continue to increase, and it is very likely that DDoS attacks overall will also continue to rise.
“Continued proliferation of easy-to-use DDoS-for-hire technology will remain a threat. The same technologies that make the user experience easier for law-abiding people also create an easier experience for the online criminal community,” the report’s authors stated. “New malware has emerged to take advantage of IoT architectures.”
The previous Akamai DDoS report had similar findings, with the healthcare and pharmaceutical industries accounting for only 0.07 percent of web application attack triggers. But that still accounted for 317,664 total attack triggers.
“It is likely that cloud providers will remain the biggest trouble spot unless they do more to improve their default system configuration security procedures,” Akamai said in its Q1 report.
Image Credit: Akamai