A recent report by Edgio analyzed web application attacks. It found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server. Path traversal has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.
The report found that path traversal attacks can lead to deep system intrusions, posing a significant threat to an organization’s infrastructure and to the confidentiality, integrity and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.
The report looked at malicious requests and the different types of blocking, grouping protection into three categories: access control rules, managed rulesets and custom signatures. Among the protections focused on access controls, over 76% of mitigated requests were based on IP, user-agent and country matches, highlighting just how much bad traffic can be eliminated with basic blocklisting tactics.
Top countries by malicious request origin, making up nearly 62% of all requests denied, include:
- United States: 26.3%
- France: 17.4%
- Germany: 9.4%
- Russia: 8.8%
Based on deep parsing of attack payloads, the report found that 98% of all malicious payloads fell into the JavaScript Object Notation (JSON) and URL-encoded form categories, both formats used for storing and transporting data, but cautioned security teams to remain vigilant as attackers evolve in their selection of payload content types.