One in five hacking attempts were on social networking sites this year.
According to the latest Web Hacking Incidents Database (WHID) 2009 bi-annual report from Nebulas Solutions Group and Breach Security, social networking sites were the most targeted vertical market in the first half of 2009, with hackers exploiting Web 2.0 features such as user-generated content, including Twitter posts, to launch their attacks.
The report showed a 30 per cent increase in overall web attacks in the first half of 2009, compared with the same period in 2008.
Key findings were that the main drivers for hacking were defacement, including planting malware and standard overt changes. SQL injection remains the number one attack vector, accounting for nearly one-fifth of all security breaches, while attack vectors exploiting Web 2.0 features such as user-contributed content were also commonly employed.
Nick Garlick, managing director of Nebulas Solutions Group, said: “The report's findings clearly show that social networking sites are being targeted. We've seen and heard anecdotal evidence that Web 2.0 applications are being attacked more frequently and more aggressively, but the scale of these findings shows very clearly that organisations must now look very closely at their security policies and procedures around Web 2.0.
“Many companies still don't fully comprehend the security risks that social networking sites and user-generated content can represent, so this report is certainly a wake-up call for them and highlights the need to address these issues as a key priority.”
Ryan Barnett, director of application security research for Breach Security, said: “Looking back at 2008, a notable election year, government-related organisations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”