The recent report DBIR (Data Breach Investigation Report) 2014 published by Verizon provides us with quite interesting information about web application attackers’ motivations.
The results are based on a total of 3937 incidents, with 490 confirmed data disclosure.
Like any report, the figures only describe the dataset that could be retrieved from some sources, not the reality. But considering the excellent quality of the DBIR, we can be quite confident in the following trends.

According to the report, it seems that the vast majority of web application attacks are attributable to activists driven by ideology and fun or to attackers motivated by financial goals.

Facteurs motivants les attaques d'applications web - camenbert
Facteurs motivants les attaques d’applications web

Ideologically motivated attacks

Ideological actors include those people motivated by a real ideology and those motivated by lulz.

With a large 65%, these attacks usually result in two different kinds of situations:

  • defacement, in order to send a clear message to the company that owns the website
  • server takeover, to perform attacks (like DDoS) on other victims!

While the first situation clearly represents a targeted attack, the latter means that any website can be attacked in order to get control of a machine that will be added to a zombie network.
Did you think your website does not attract attackers?

Financially motivated attacks

Financially motivated attackers focus their effort on money. With that in mind, it becomes obvious that retail and banking websites are targets of choice.

Attackers will try to get credentials on online banking website, either by exploiting technical flaws, or phishing attacks. Once logged in these websites, they can simply exploit the functionalities of the website to steal money.
Retail websites are attacked on logical flaws or technical flaws for their data (very abundant), then easily converted to money. Phishing attacks do not seem to be largely performed on these websites, unlike banking application. The black market of payment card information is an “easy” way for attackers to sell their stolen data.