According to PreciseSecurity.com research, almost 40 percent of all cyber attacks in 2019 were performed by using cross-site scripting, which is hackers' favourite attack vector globally.
For those who came in late, cross-site scripting or XSS is a type of injection attack, in which malicious scripts are injected into trusted websites.
Most of the XSS attacks are performed by using a web application to send malicious code, mostly in the form of a browser side script, to a different end-user. The statistics show SQL injection is the second most used attack vector globally, followed by fuzzing.
However, the 2019 surveys revealed some interesting facts about the global hacker's reasons for choosing the company to hack. Nearly 60 percent of them named the challenge and the opportunity to learn as the primary reason for doing cyber-attacks. Forty per cent of hackers perform the attacks because they simply like the company, while 36 percent of them want to test the security team’s responsiveness.
With 72.3 percent of all cyber-attacks happening on the websites, the 2019 data indicates this is the hackers' favourite platform to perform attacks globally. Because of its massive user-base, WordPress is one of the prime targets of hackers, and 98 per ent of WP platform vulnerabilities are related to plugins.
An application program interface (API) is the second most targeted platform with a 6.8 percent share in the global hacking incidents list. The statistics show that around seven percent of hackers choose Android mobile and operating systems for performing attacks. Attacks aiming at downloadable software and the Internet make only 3.9 percent of all hacking incidents globally.