Akamai has released its Q4 2016 State of the Internet Security report, which shows that three vectors – SQL Injection (SQLi), Local File Inclusion (LFI), and Cross-site Scripting (XSS) – accounted for 95% of all web application attacks.
The report uses data gathered from the Akamai Intelligent Platform, which provides an analysis of the cloud security and threat landscape.
The report stated that the use of SQLi increased from 44% (Q2) to 49% (Q3) to 51% (Q4).
Local File Inclusion decreased from 45% (Q2) to 40% (Q3) to 37% (Q4).
Highlights from Akamai’s latest security report relating to web application attacks include:
- The US remained the top source country for web application attacks, showing a 72% increase from Q3 2016.
- The number of web application attacks in Q4 2016 was down 19% from Q4 2015. Research into retail traffic over the Thanksgiving holiday week revealed an upward trend for four sub-verticals – apparel and footwear, consumer portals, consumer electronics, and media and entertainment – which suffered from web application attacks.
- Of the 25 DDoS attack vectors tracked in Q4 2016, the top three were UDP fragment (27%), DNS (21%), and NTP (15%). Overall DDoS attacks decreased by 16%.
- Akamai added a new reflection DDoS attack vector this quarter, Connectionless Lightweight Directory Access Protocol (CLDAP).