Hackers focusing on data leaks and web site defacement

Organisations are suffering from increasingly sophisticated attacks, as hackers attempt to gain profit from leaked data and deface corporate web sites, according to a report from Trustwave.

The firm has released its latest Web Hacking Incidents report, which focuses on the impact of hack attacks, aiming to give a clear view of their severity and knock-on effects.

"Attackers are professional criminals who are developing new ways to generate revenue from compromising web applications," said Robert J. McCullen, chairman and chief executive of Trustwave.

Trustwave's report analyses only those incidents that were reportedly publicly, so the firm concedes that it is restricted to a limited number of cases - in this case fewer than 160.

The company said that one of the most significant challenges facing firms is the increase in 'profit from hacking' attacks, where hackers attempt to siphon off potentially valuable data, for example leaked information that can be sold off on an underground black market.

Other attacks look to deface web sites, or plant malware within corporate systems in order to use them as part of botnets, according to Trustwave.

One of the most notable findings in the report is the high proportion of SQL injection attacks. These accounted for 15 per cent of attacks, and can often be the result of poorly configured systems.

Alarmingly, it appears that firms are simply not up to the task of protecting their own systems, and Trustwave said that often they had insufficient security, event management and logging tools, while criminals had sophisticated tools at their disposal.

Trustwave believes, though, that organisations should be more open about the security attacks they face, and drop the curtain of secrecy surrounding issues. the firm said that not disclosing issues "prevents the fixing of the root cause of the problem".

Governments are the most attacked organisations, accounting for 20 per cent of hackers' attentions, while Web 2.0 firms, such as Facebook and Twitter, are second with about 15 per cent. Finance is third with about 12 per cent of attacks.