Wordpress is the most attacked web application, and websites that run the content management system are attacked 24% more often than those using alternative systems.
Results from the most recent annual Web Application Attack Report (Waar) from security supplier Imperva revealed Wordpress suffers 60% more cross site scripting incidents than all other CMS running websites combined.
Back in March, security researchers uncovered a DDoS attack that used more than 162,000 Wordpress websites. The attacker sent spoof web requests that appeared to come from the target site. By doing so, the attacker was then able to trick the Wordpress servers into bombarding the target site with traffic and ultimately knocking it offline.
The report also revealed that retailers are the biggest target of web attacks, and financial services the next biggest target, with 10% aimed at the sector.
The report said websites that require a login accounted for 59% of all attacks and 63% of all structured query language injection attacks.
Imperva CTO Amichai Shulman believes after three years of analysing attack data and origins, attackers from other countries are using US hosts to attack because they are geographically closer.
He said: "Looking at other sources of attacks, we were also interested to find infrastructure-as-a-service (IaaS) providers are on the rise as attacker infrastructure. For example, 20% of all known vulnerability exploitation attempts have originated from Amazon Web Services (AWS).
"They aren't alone - with this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised. Attackers don't discriminate when it comes to where a datacentre lives."
Return to internet news headlines
View Internet News Archive