Web security firm Incapsula this week released the first of what it says will be a monthly report that breaks down the origin of Internet attacks by country. The first survey confirmed that the US and China produce the highest volume of attacks on websites, but they don't necessarily have the most hackers per capita operating from within their borders.
"[T]he more people and PCs you have, the more attack traffic, on average, you are going to produce," Incapsula said in a blog post presenting its "Attack Heatmap" for August (above). But the security vendor, a subsidiary of Imperva, didn't just look at attack volume, it also calculated which countries are producing the highest rates of attack as a percentage of their overall user sessions on Incapsula-secured sites.
"Though the US, China, and Russia are traditionally associated the 'big boys' when it comes to attacks - this isn't always true. Bursts of attacks appear from various countries, driven by various factors such as holidays or just an aggressive hacker. For example, this month there was something rotten in Denmark, as one single hacker deployed automated attacks en masse," the company noted.
Indeed, 0.74 per cent of the sessions originating from Denmark that Incapsula tracked were website attacks, second only to the UK, which delivered attacks at a rate of 0.86 per cent of overall sessions.
Incapsula tracked a sample of 3,000 websites using its security service for its study, which it conducted from 1 August to 14. The security vendor said it was able to draw data from 200 million total user sessions on the sampled sites, which serve an average of 135,000 visitors per month.
There are four main types of website attacks, according to Incapsula. Server takeovers by menas of Remote File Inclusion, Local File Inclusion, Directory Traversal, and other methods are the most common, in part because they can be easily automated, the company said. Data theft by means of SQL injection and credentials theft through cross-site scripting (XSS) methods are the other main types of directly damaging attacks, while a fourth type, vulnerability scanning, is more akin to "casing" a website for future direct attacks.