The APWG has released the initial analysis of a survey of organizations whose web sites were hacked. The APWG Web Site Vulnerabilities Survey considers 270 incidents reported over an 18-month period. Although I am listed as principal investigator and correspondent author, equal credit and more is owed to the very strong team of volunteers from the Internet Policy Committee: John LaCour, Russ McRee, Robert W. Capps II, Rod Rasmussen, Ebrima Ceesay, Thomas J. Holt and Gary Warner. The team framed the questions, sought out respondents from victimized parties and encouraged participation.
Quoting from the survey and article:
"The most frequently attacked operating system among survey respondents was Linux OS (76%). Attack victims reported that they used Apache as their web server in 81 percent of the responses, MySQL as their database application in 81 percent of the responses, and PHP/Java as their application platform in 82 percent of responses.
"Seventy-four percent (74%) of the victims indicated that this was the first attack on this web site that resulted in the creation of a phishing or spoof web site.
"Eighty-four percent (84%) of the victims reported that attackers uploaded phishing or spoof web pages and scripts onto these sites for use during their phishing campaigns. Additionally, 24 percent of victims reported that attackers installed malicious software on their sites.
"Companies that specialize in phishing detection and remediation most often report attacks to victims (52%)."
The aggregated survey results accompany the article as an appendix. We continue to study the responses as we prepare a fuller report.