Connect with us

Hi, what are you looking for?

HEADLINES

Web vulnerabilities in 2017 up by 212 percent

Companies are being urged to beef up their web security as the numbers of web application vulnerabilities are rapidly increasing, as reported in a study by its global partner Imperva Incapsula that shows an overview of web application vulnerabilities in 2017.

According to the study, 2017 saw a whopping 212 percent increase in new vulnerabilities with 14,082 recorded, as compared to 2016’s 6,615. Imperva also states that more than half of these vulnerabilities have a public exploit available to hackers, and that more than a third (36 percent) don’t have an available solution such as a software upgrade workaround or software patch.

Niño Valmonte, Director for Marketing & Digital Innovation, at IP Converge Data Services, Inc. explains that money is the main motivator in the rapid increase of web vulnerabilities. “Websites are common targets because they can generate a substantial amount of money for cybercriminals. For instance, an e-commerce website would normally store personal information. In the wrong hands, we already know the kind of risk we can get exposed to. Also, criminals can hold websites up for ransom from company owners.”

Ransomware, the method of putting up a website for ransom that Valmonte referred to, is a global phenomenon that is predicted to exceed $11.5 billion annually by 2019. The most common form of payment sought from victims in order to get their websites back is the popular cryptocurrency Bitcoin.

Content of websites in peril

Advertisement. Scroll to continue reading.

Another alarming statistic that the study revealed is the increasing number of vulnerabilities in Content Management Systems (CMS), a tool used to create and manage content posted on a website. The study revealed that WordPress, one of the most commonly used CMS today, posted a 400% increase in new vulnerabilities since 2016, with 75% coming from third-party vendor plugins.

IPC urges businesses to be wary of this as when successfully infiltrated, cybercriminals can use the CMS to edit, remove, and even post content on a website. The damage may range from altering text to even changing the visual appearance of the entire website, a tactic commonly known as defacement. Criminals can also extract sensitive information stored inside a website through the CMS.

“These findings should serve as a wake-up call for organizations to put up stronger web security protocols. CMS infiltration should not be taken lightly because this is only the tip of the iceberg. CMS attacks also pose risks to personal and confidential data,” Valmonte said.

To protect one’s website, IPC recommends deploying security measures such as applying a Web Application Firewall (WAF) that can monitor and control incoming web traffic.

As one of the leading DDoS Mitigation service providers, IPC provides subscription-based WAF service through IPC InCAST (In-Country Attack Scrubbing Tactics) services, a cloud-based Web Application Firewall proxy solution that is supported by the country’s first and only DDoS Mitigation Service to feature local data scrubbing.

Advertisement. Scroll to continue reading.

“By closely monitoring network traffic, WAF can detect and block any malicious data, thereby stopping an attack from happening in the first place,” explained Valmonte.

You May Also Like

HEADLINES

The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical...

HEADLINES

At the end of 2023, Sophos X-Ops noted a significant increase in ‘remote encryption’ attacks – where ransomware attackers breach a compromised and often...

HEADLINES

With the launch of KATA 7.0, organizations can now benefit from enhanced Network Detection and Response (NDR) capabilities with deeper network visibility, internal threats...

HEADLINES

In 2024, Globe blocked 3,096 child pornography domains or those containing child sexual abuse and exploitation materials (CSAEM), a slight increase from 3,047 domains restricted...

HEADLINES

During a recent webinar on Building Resilience Against Online Scams, hosted by fiber broadband and technology provider Converge ICT Solutions Inc., its Chief Executive...

HEADLINES

In 2024, Kaspersky restructured its Partner Program into four key partner types, recognizing the diverse profiles within its network – from traditional resellers and...

White Papers

The study tested 2,000 UK and US consumers, exposing them to a series of real and deepfake content. The results are alarming: only 0.1%...

HEADLINES

Deepfakes pose significant threats and risks, with nearly half of companies worldwide reporting incidents in 2024, according to industry reports. HONOR’s innovative solution immediately...

Advertisement