Study: 20 Percent of Web Application Attacks Come from AWS
A study by datacenter security firm Imperva Inc. has found that roughly one-fifth of all Web application attacks originate from servers on Amazon Web Services (AWS).
Released last week, the fifth-annual Imperva "Web Application Attack Report" analyzed security data from nearly 100 applications that are protected by the company's Web Application Firewall product. Each of those applications was attacked at least once during the period between August 2013 and April 2014. In that time, Imperva found that SQL injection attacks were up by 10 percent compared to the year-ago period, and remote file inclusion attacks were up by 24 percent.
Increasingly, the sources of these attacks are servers hosted on Infrastructure-as-a-Service (IaaS) platforms. The Imperva study suggests that this is simply a natural outcome of the growing acceptance of cloud computing among businesses. "Many companies have endorsed 'cloudification' of IT, moving assets into infrastructures such as Amazon Web Services, Microsoft's Azure, and others," the study noted.
About 20 percent of all known attacks came from IPs within the AWS range, according to the Imperva analysis. Additionally, AWS was the source of 10 percent of all SQL injection attacks.
Imperva described the attacks coming from AWS as falling under three categories. The first is "attackers who have breached the Web application directly and have injected malicious code that allows remote control of the server." The second is "attackers who have taken over the company's AWS account and have tampered with the server through the administrative interface." The third category is "attackers who simply use AWS as a platform for their malicious server instances. In this case the attacker is the account owner."
Such attacks may be a growing trend, Imperva said: "[Because] cloud infrastructure is usually designed to be highly available and distributed globally, it makes it very effective for hackers to elevate large-scale attacks such as [distributed denial-of-service] attacks from these platforms."
Imperva said it used AWS as the proxy for its analysis due to its dominant market share and size. "[I]t is clear to us that Amazon AWS is the clear leader in size and market share, having more than 5 times the size of all of their 14 competitors combined. This reflects a huge and growing portion of all online entities and therefore the impact we see on our own numbers," the study said. Imperva, of course, also offers a version of its application firewall product that is specifically designed for AWS-hosted applications.
However, Imperva CTO Amichai Shulman cautioned that other IaaS providers, despite lacking AWS' dominance, should also be wary of potential attacks.
"With this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised," Shulman said in a prepared statement. "Attackers don't discriminate when it comes to where a datacenter lives."
Gladys Rama (@GladysRama3) is the editor of Redmondmag.com, RCPmag.com and AWSInsider.net, and the editorial director of Converge360.