Study: AWS accounts for 20 percent of all web application attacks

Imperva, a datacenter security company, has found that Amazon Web Services (AWS) is the source of approximately 20 percent of all Web app attacks.
Imperva’s fifth annual Web Application Attack Report, released last week, examined security data from nearly 100 applications protected by the company’s Web Application Firewall product. Each of these applications was attacked at least once between August 2013 and April 2014. Imperva found that SQL injection attacks had increased by 10 percent over the previous year, while remote file inclusion attacks had increased by 24 percent.
Increasingly, the sources of these attacks are servers hosted on Infrastructure-as-a-Service (IaaS) platforms. This is a result of the increasing acceptance of cloud computing by businesses, according to the Imperva study. The study found that many companies support the “cloudification” of IT, which involves moving IT assets into infrastructures like Amazon Web Services, Microsoft Azure, and others.
According to Imperva’s analysis, around 20 percent of all known attacks originated from IPs within the AWS range. AWS was also responsible for 10 percent of all SQL injection attacks.
Imperva identified three types of attacks that can come from AWS. The first category is “attackers who have broken into the Web application directly and have injected malicious code that allows remote control over the server.” The second category is “attackers who have gained control of the company’s AWS account” and have tampered with the server via the administrative interface. The third category includes “attackers who use AWS to host their malicious server instances.” In this instance, the attacker is the account owner.
Imperva stated that such attacks could be a growing trend. “[Because] cloud architecture is usually designed to have high availability and distributed globally, it makes effective for hackers to elevate large scale attacks such as [distributed Denial-of-Service] attacks from these platforms.”
Imperva stated that it used AWS as a proxy for its analysis because of its dominant market share. “[I]t is evident to us that Amazon AWS has more than five times the market share and size of all their 14 competitors combined.” The study stated that this reflects the growing number of online entities and the impact it has on the company’s numbers. Imperva also offers an AWS-hosted version of its application firewall product.
Amichai Shulman, Imperva’s CTO, warned that other IaaS providers, despite not having AWS’s dominance, should be cautious about potential attacks.
Shulman stated in a prepared statement that “this phenomenon is on the rise” and added that other IaaS providers need to be concerned about their servers being compromised. “Attackers aren’t discriminating when it comes to where a server is located.”