XSS the most widely-used attack method of 2019
The most widely-used cyber attack method used to breach large companies in 2019 was cross-site scripting (XSS), according to research.
The hacking technique, in which cyber criminals inject malicious scripts into trusted websites, was used in 39% of cyber incidents this year.
This was followed by SQL injection and Fuzzing, which were used in 14% and 8% of incidents respectively. Among other widely-used methods are information gathering, and business logic, although both were used in less than 7% of incidents.
With 75% of large companies targeted over the last 12 months, the report by Precise Security also revealed the key motivation behind cyber crime has been the opportunity for hackers to learn.
Almost 60% of hackers conducted cyber attacks in 2019 due to the fact it presents a challenge. Other prominent reasons for hacking a company’s systems include to test the security team’s responsiveness and to win the minimum bug bounty offered. ‘Recognition’ ranked sixth in the list of motivations, and was cited by just 25% of hackers. Bizarrely, 40% also said that they preferred to target companies that they liked.
Digging into industry-specific insights, additional research published this month also revealed the most prominent attack method faced by sectors within the UK economy.
The most prevalent hacking technique in the business, finance and legal sectors, for example, was macro malware embedded into documents, according to statistics compiled by Specops Software.
Retail and hospitality firms, meanwhile, suffered mostly from burrowing malware, present in 51% of attacks, as did governmental organisations, registering 37% of incidents.
The healthcare industry was susceptible mostly to man-in-the-middle attacks, in which communications between two computer systems are intercepted by a third-party.
Distributed denial of service (DDoS) attacks were the most common form of attack faced by the technical services industry, with 58% of incidents using this method.
As for how these attacks are conducted specifically, the Precise Security report showed that 72% of platforms used as a springboard for cybercrime are websites. WordPress, for example, is a prime target due to the massive userbase, with 90% of hacked CMS sites in 2018, for instance, powered by the blogging platform.
Application programme interfaces (APIs) were the second-most targeted platforms in 2019, being at the heart of 6.8% of incidents, with statistics showing Android smartphones are usually involved in such attacks.
- Senior Cyber Risk Consultant, UK - Remote first- Exclusive
- United Kingdom
- Depended on experience.
Cyber Security Risk Consultant to join specialist, people first security consultancy. WARNING if you want a large, slow moving, high politics, high travel security consultancy that demands their a pound of flesh this is NOT for you. Client focused opportunity. Prior consulting experience is essential within Cyber Security. Experience working with businesses to identity and make recommendations to mitigate cyber risk. Some of the nice to have certifications. CRISC, ISO27001 Lead implementer, CISA, CISM, CISSP UK based - remote first mentality. (With some travel) Training budget Unlimited holiday Looking to interview immediately Unable to offer sponsorship.
- identity access Management Consutlant
- Upto £80,000 plus benefits
An Identity & Access Management Consultant is needed for an expanding business based in the United Kingdom. (Remote role with monthly office meet ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous
- 17'5 NOT 4 7R4P | Pen testing Lead 100k++
Lead Penetration tester wanted please. - This is however a Master level as appose to padawan. 1. 100k+ for the skilled individual. 2. Research / training time 3. Hybrid role- 3 days at home 2 in the office with the team in London. (11am - 16:00) 4. Exclusive opportunity. So yours to hear about if you are quick. Infrastructure and Web application / red teaming pen testing experience Someone that can scope, deliver and speak to clients.
- It's Pen Testing, The good, the bad and the ugly
- United Kingdom
A new lead Pen Testing opportunity, AND slightly different from the usual you may see. The good, the bad and the ugly… Lalalalala la laa laaaa The GOOD 1. £90-110k for the skilled individual. 2. Research / training time 3. Hybrid role- 3 days at home 2 in the office with the team in London. (11am - 16:00) 4. Exclusive opportunity. So yours to hear about if you are quick. The bad 1. You have to apply or email me so we can speak. 2. 17'5 NOT 4 7R4P or click bait The ugly 1. It’s only ugly if you don’t reply and someone else you know gets it. Infrastructure and Web application / red teaming pen testing experience Someone that can scope, deliver and speak to clients. Apply today for more information.