#Privacy: XSS, SQL injection and fuzzing the most popular hacking technique of 2019

A report by Precise Security discovered that cross-site scripting (XSS)  was the most widely-used cyber attack method utilised to breach large companies in 2019. 

XSS involves injecting malicious scripts into trusted websites. The technique was used in 39% of cyber incidents this year, followed by SQL injection (14%) and Fuzzing (8%). 

Other methods utilised include information gathering and business logic, however both were utilised in less than 7% of incidents. 

The report discovered that the key motivation behind cyber crime was so that threat actors could learn, with 60% of hackers conducting cyber attacks in 2019 just for the challenge. 

Other reasons behind cybercrime include testing the security team’s responsiveness, in order to win the bug bounty, whilst a quarter of hackers cited recognition. Bizarrely, 40% of hackers stated that they targeted companies they liked. 

According to statistics by Specops Software, within the business finance and legal sectors, macro malware embedded into documents is the most common hacking technique used against them. 

Burrowing malware is a prominent technique used against the retail and hospitality sector, with it being present in over half of attacks (51%). 

Distributed denial of services (DDoS) attacks was present in 58% of incidents against the technical services industry. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/