XSS the most widely-used attack method of 2019

Research unveils the most popular hacking techniques, with SQL injection and fuzzing also popular choices

Java script displayed on monitor

The most widely-used cyber attack method used to breach large companies in 2019 was cross-site scripting (XSS), according to research. 

The hacking technique, in which cyber criminals inject malicious scripts into trusted websites, was used in 39% of cyber incidents this year.

This was followed by SQL injection and Fuzzing, which were used in 14% and 8% of incidents respectively. Among other widely-used methods are information gathering, and business logic, although both were used in less than 7% of incidents.

With 75% of large companies targeted over the last 12 months, the report by Precise Security also revealed the key motivation behind cyber crime has been the opportunity for hackers to learn.

Almost 60% of hackers conducted cyber attacks in 2019 due to the fact it presents a challenge. Other prominent reasons for hacking a company’s systems include to test the security team’s responsiveness, and to win the minimum bug bounty offered. ‘Recognition’ ranked sixth in the list of motivations, and was cited by just 25% of hackers. Bizarrely, 40% also said that they preferred to target companies that they liked.

Digging into industry-specific insights, additional research published this month also revealed the most prominent attack method faced by sectors within the UK economy.

The most prevalent hacking technique in the business, finance and legal sectors, for example, was macro malware embedded into documents, according to statistics compiled by Specops Software. 

Retail and hospitality firms, meanwhile, suffered mostly from burrowing malware, present in 51% of attacks, as did governmental organisations, registering 37% of incidents.

The healthcare industry was susceptible mostly to man-in-the-middle attacks, in which communications between two computer systems are intercepted by a third-party. 

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Distributed denial of service (DDoS) attacks were the most common form of attack faced by the technical services industry, with 58% of incidents using this method.

As for how these attacks are conducted specifically, the Precise Security report showed that 72% of platforms used as a springboard for cyber crime are websites. WordPress, for example, is a prime target due to the massive userbase, with 90% of hacked CMS sites in 2018, for instance, powered by the blogging platform.

Application programme interfaces (APIs) were the second-most targeted platforms in 2019, being at the heart of 6.8% of incidents, with statistics showing Android smartphones are usually involved in such attacks.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Apple's AirTag tracker has already been hacked
hacking

Apple's AirTag tracker has already been hacked

10 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021