XSS the most widely-used attack method of 2019
The most widely-used cyber attack method used to breach large companies in 2019 was cross-site scripting (XSS), according to research.
The hacking technique, in which cyber criminals inject malicious scripts into trusted websites, was used in 39% of cyber incidents this year.
This was followed by SQL injection and Fuzzing, which were used in 14% and 8% of incidents respectively. Among other widely-used methods are information gathering, and business logic, although both were used in less than 7% of incidents.
With 75% of large companies targeted over the last 12 months, the report by Precise Security also revealed the key motivation behind cyber crime has been the opportunity for hackers to learn.
Almost 60% of hackers conducted cyber attacks in 2019 due to the fact it presents a challenge. Other prominent reasons for hacking a company’s systems include to test the security team’s responsiveness and to win the minimum bug bounty offered. ‘Recognition’ ranked sixth in the list of motivations, and was cited by just 25% of hackers. Bizarrely, 40% also said that they preferred to target companies that they liked.
Digging into industry-specific insights, additional research published this month also revealed the most prominent attack method faced by sectors within the UK economy.
The most prevalent hacking technique in the business, finance and legal sectors, for example, was macro malware embedded into documents, according to statistics compiled by Specops Software.
Retail and hospitality firms, meanwhile, suffered mostly from burrowing malware, present in 51% of attacks, as did governmental organisations, registering 37% of incidents.
The healthcare industry was susceptible mostly to man-in-the-middle attacks, in which communications between two computer systems are intercepted by a third-party.
Distributed denial of service (DDoS) attacks were the most common form of attack faced by the technical services industry, with 58% of incidents using this method.
As for how these attacks are conducted specifically, the Precise Security report showed that 72% of platforms used as a springboard for cybercrime are websites. WordPress, for example, is a prime target due to the massive userbase, with 90% of hacked CMS sites in 2018, for instance, powered by the blogging platform.
Application programme interfaces (APIs) were the second-most targeted platforms in 2019, being at the heart of 6.8% of incidents, with statistics showing Android smartphones are usually involved in such attacks.
Latest Jobs
-
- PCI QSA needed. Discreet Opportunity | London | Client facing
- London
- N/A
-
CH08421 PCI QSA needed. Discreet Opportunity | London | Client facing. Payment Card Industry - Qualified Security Assessor - London Seeking someone looking to accelerate their career, into a variety of interesting clients / projects. Must be happy to be onsite with clients- this is not a fully remote role. You must currently hold a valid CISSP or CISM or ISO27001 lead implementer certification AND one of the following; CISA, GSNA, iso27001 lead Auditor, CIA or IRCA ISMS auditor+ Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Security Operations / information Security Analyst / Engineer. London
- London
- N/A
-
Security Operations / information Security Analyst / Engineer needed for a London opportunity. A technical hands on role to investigate, escalate and proactively work to protect a globally recognised brand. Someone with SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Security Cleared Penetration Tester: United Kindom
- N/A
- N/A
-
Security Cleared Penetration Tester Deliver technical Penetration tests to the NCSC CHECK standard. Active CHECK Member or Leader status desirable either in Web Application or Infrastructure. Reach out to find out more. Whatsapp directly here https://wa.me/message/6USF5RAQBOZIP1 Or apply today