Broadband News

The recent well-publicised hacking of corporate documents at Twitter was not an isolated incident. According to the latest research social network sites are now the number one target for hackers and malicious code writers.

Now that the American elections are over, the researchers at Breach Security behind the Web Hacking Incidents Database believe that hackers and malware writers are now turning their attention to the most famous web services of the day.

Nearly one in five (19%) of attacks in the first half of 2009 were aimed against Web 2.0 sites, including social networks and blogging services. This puts the genre ahead of the next major targets of media (16%) and retail (12%) sites with, surprisingly, financial sites in equal 8^th (and last) place with just 5% of malicious attacks.

In contrast to the slowdown in politically motivated attacks, which mirrors a slowdown in political campaigning in America, the researchers behind the report believe fewer attacks on financial institutions that in the previous year is most likely down to those sites protecting themselves better. This has left all bar the most skilled hackers switching attention to the far easier target of social networking sites.

Why hack?

The primary motive, accounting for 28% of attacks, is to deface a site or plant malware, compared to 26% of attacks which are the classic incidents of hackers trying to steal sensitive, personal information about web users. In third place, accounting for 19% of attacks, hackers are motivated by planting misinformation about site owners or users to cause embarrassment.

While there is much talk about hackers being far more skilled than before, the report finds that still the most basic SQL injection attacks are the most common, accounting for nearly one in five attacks.

Ryan Barnett, Director of Application Security Research at Breach Security believes the report highlights how flexible hackers can be, switching targets as their mood, news headlines and popular culture dictate.

“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter,” he said.

“Looking back at 2008, a notable election year, government-related organisations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”