Most visits to a login page are made by malicious tools
Posted on 06 November 2013.
Incapsula surveyed 1,000 websites over a 90-day period, during which we recorded over 1.4 million unauthenticated access attempts and 20,376 authenticated logins.

Their data shows that 2.8% of the unauthenticated attempts were made by human visitors. This suggests that most of these should be attributed to “human error” (e.g., typing the wrong password) and to the initial one-time 2FA activation process.


The numbers also show that another 1.8% of the unauthenticated visits were made by benevolent bots (e.g., search engines, legitimate crawlers, RSS readers, etc.) whose numbers would certainly be much higher, if not for the common practice of blocking the login URLs using the robots.txt file.

The remaining 94.1% of the visits were made by malicious automated tools - the kinds that are used to discover and exploit password-related security holes. Simply put, this means that on average 15 of every 16 visitors to your login page have ill attentions in mind.


The seemingly high ratio of malicious visits is, in fact, all but expected - especially considering the recent waves of large-scale Brute Force attacks and the overall increase in APT events and other password-related hacks.

That connection becomes even more evident from looking at the trending reports. For example, while observing the timeline of blocked attempts, it is easy to spot a distinct correlation between the steep increase in number of malicious access attempts and the reports about the Fort Disco attack, which surfaced throughout August and September.





Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //