#Privacy: XSS, SQL injection and fuzzing the most popular hacking technique of 2019

A report by Precise Security discovered that cross-site scripting (XSS)  was the most widely-used cyber attack method utilised to breach large companies in 2019. 

XSS involves injecting malicious scripts into trusted websites. The technique was used in 39% of cyber incidents this year, followed by SQL injection (14%) and Fuzzing (8%). 

Other methods utilised include information gathering and business logic, however both were utilised in less than 7% of incidents. 

The report discovered that the key motivation behind cyber crime was so that threat actors could learn, with 60% of hackers conducting cyber attacks in 2019 just for the challenge. 

Other reasons behind cybercrime include testing the security team’s responsiveness, in order to win the bug bounty, whilst a quarter of hackers cited recognition. Bizarrely, 40% of hackers stated that they targeted companies they liked. 

According to statistics by Specops Software, within the business finance and legal sectors, macro malware embedded into documents is the most common hacking technique used against them. 

Burrowing malware is a prominent technique used against the retail and hospitality sector, with it being present in over half of attacks (51%). 

Distributed denial of services (DDoS) attacks was present in 58% of incidents against the technical services industry. 


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.