HTTPS). The use of web application attacks over HTTPS is likely to rise as more sites adopt TLS-enabled traffic as a standard security layer. Attackers may also use HTTPS in an attempt to penetrate back-end databases, which are typically accessed from applications served via HTTPS. As in previous quarters, local file inclusion (LFI) and SQL injection (SQLi) attacks were by far the most prevalent web application attack vectors of those ranked. The retail industry was hit hardest, receiving 55% of web application attacks, with the financial services industry a distant second, receiving 15% of attacks. Web application attacks relied heavily on botnets that take advantage of unsecured home-based routers and devices. The third quarter was also notable for an increase in WordPress plugin attack attempts, not only for popular plugins but also for less-known vulnerable plugins. In Q3 2015, the US was the main source of web application attacks, accounting for 59% of attack origin traffic, andwas also the target of 75% of these attacks. The top three attacking Autonomous System Number (ASNs) were associated with virtual private systems (VPS) owned by well-known cloud providers in the US. Many of the cloud-based virtual servers that are launched each day lack sufficient security and are compromised and used in a botnet or other attack platform. A look at website scrapers A scraper is a specific type of bot whose purpose is to acquire data from targeted websites, store and analyse it, and then sell or use the data. One example of a benign scraper is a search engine bot. Other examples are rate aggregators, resellers and SEO analytics services. A section of the security report discusses scrapers and provides an easy way to identify them. Web application attack metrics Compared with Q2 2015 96.36% increase in HTTP web application attacks 79.02% decrease in HTTPS web application attacks 21.64% increase in SQLi attacks 204.73% increase in LFI attacks 57.55% increase in RFIattacks 238.98% increase in PHPi attacks Download the report A complimentary copy of the Q3 2015 State of the Internet – Security Report is available as a free PDF download at . About stateoftheinternet.com Akamai’s shares content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualisations and other resources designed to help put context around the ever changing Internet landscape. About Akamai As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutionsare revolutionising how businesses optimise consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit or , and follow @Akamai on .
If you enjoyed this article, subscribe to receive more great content just like it.