Retailers suffer twice as many SQL injection attacks as other sectors - report

US is number one source of web attacks, followed by Western Europe - ahead of China and Brazil

Retailers suffer twice as many SQL injection attacks as other industries, security software vendor Imperva has found.

In its Web Application Attack report, Imperva found that these attacks were longer and more frequent, with retail applications subject to an average of 749 individual attack requests per "attack campaign".

SQL injections are used to exploit a security vulnerability in an application's database software and are often used in conjunction with other forms of cyber-attack, such as distributed denial of service (DDoS), to provide a cover.

Imperva said that its findings could reflect the design and size of the applications, as retail applications contain a relatively large number of pages in the form of online catalogues, which could have contributed to the time and intensity of SQL injection attacks.

They are also high-profile organisations that these days invariably require a similarly high-profile e-commerce web presence.

The same report found that most of the 70 web apps monitored receive four or more attacks per month, with one app attacked on average as many as 26 times per minute.

"While these findings undeniably demonstrate that web application attacks are far from consistently distributed, the takeaway is that organisations should base security measures on the worst case scenario, not on the average case," said Imperva chief technology officer Amichai Shulman.

Meanwhile, overturning a common myth that such attacks usually emanate from Eastern Europe, the former Soviet Union or parts of Asia, Imperva found that the US is the number one source of web attacks, followed by Western European countries, then China and Brazil.