Nineteen Percent of Online Attacks in 2009 Targeted Social Networking Sites, According to Breach Security Report

* Reuters is not responsible for the content in this press release.

Mon Aug 17, 2009 8:00am EDT

New Web Hacking Report Shows Steep Rise in Web 2.0 Exploits Including Twitter
Posts and Other User-generated Content
CARLSBAD, Calif.--(Business Wire)--
Breach Security, Inc., the leader in web application integrity, security and PCI
compliance, today announced a steep rise in attacks against social networking
sites, according to the Web Hacking Incidents Database (WHID) 2009 Bi-Annual
Report. Accounting for 19 percent of hacking incidents, social networking sites
were the most targeted vertical market in the first half of 2009, with hackers
exploiting Web 2.0 features such as user-generated content including Twitter
posts to launch their attacks. 

The WHID project compiles and analyzes application-related security incidents,
focusing exclusively on publicly reported web application security attacks that
have an identified outcome. The WHID 2009 Bi-Annual report analyzed global
security incidents that occurred from January 1 through July 31, 2009, and
recorded a 30 percent increase in overall web attacks compared to 1H 2008.

Key findings from the WHID 2009 Bi-Annual Report include:

* Drivers for Web Hacking - Defacement, which combines both planting of malware
and standard overt changes, remains the most common outcome of web attacks
(28%), while leakage of sensitive information is a close second (26%, up from
19% in 2008). Disinformation is a distant third (19%), mostly due to the hacking
of celebrity online identities. 
* Most Prevalent Attack Vectors - SQL Injection remains the number one attack
vector, accounting for nearly one-fifth of all security breaches (19%). Attack
vectors exploiting Web 2.0 features such as user-contributed content were also
commonly employed: authentication abuse was the second most active attack vector
(11%), and Cross Site Request Forgery (CSRF) rose to number five with 5% of the
reported attacks. 
* Vertical Markets Under Attack - Social networking sites emerged as the most
targeted vertical market with 19% of the incidents, a dramatic increase from
prior years when this sector was not represented, and displacing government/law
enforcement from the number one spot in 2008.

"The dramatic rise in attacks against social networking sites this year can
primarily be attributed to attacks on popular new technologies like Twitter,
where cross-site scripting and CSRF worms were unleashed," said Ryan Barnett,
director of application security research for Breach Security. "Looking back at
2008, a notable election year, government-related organizations were the
top-ranked attack victims and have now dropped to number three. The WHID report
demonstrates that hackers can be fickle, following popular culture and trends to
achieve the most visible effect for their efforts, which means that companies
must be vigilant in implementing web application systems and monitoring
application activity." 

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a
record of web application-related security incidents. The WHID's purpose is to
serve as a tool for raising awareness of web application security problems and
to provide information for statistical analysis of web application security
incidents. Unlike other resources covering web site security - which focus on
the technical aspect of the incident - the WHID focuses on the impact of the
attack. Breach Security Labs is a WHID project contributor. 

To download a copy of Breach's 2009 WHID bi-annual report, please visit
http://www.breach.com/WHID2009. 

About Breach Security Labs

Breach Security Labs is the research arm of Breach Security, Inc. Breach
Security Labs conducts and sponsors global research and open-source projects
which focus on emerging trends in web application security. In addition to
open-source and research projects, Breach Security Labs provides the security
content, including rules, correlations and signatures, for Breach Security's web
application security products including WebDefend, ModSecurity Pro and
ModSecurity. 

Breach Security Labs plays an active role in leading web application security
industry organizations such as the Open Web Application Security Project (OWASP)
and the Web Application Security Consortium (WASC). Breach Security Labs team
members are WASC officers and lead the OWASP chapters in the UK and Israel. 

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web
application integrity, security and compliance that protects sensitive web-based
information. Breach Security's products protect web applications from hacking
attacks and data leakage, and ensure applications operate as intended. The
company's products are trusted by thousands of organizations around the world,
including leaders in finance, healthcare, ecommerce, travel and government. For
more information, please visit www.breach.com. Follow Breach Security on
Twitter: http://www.twitter.com/BreachSecurity. 





Schwartz Communications
Jill Reed or Clinton Karr, +1-415-512-0770
BreachSecurity@schwartz-pr.com

Copyright Business Wire 2009
