Web Application Attacks Boosted Over 800%, According to CDNetworks Study

Distributed denial-of-service (DDoS), Web application, bot, and other attacks have surged exponentially compared to the first half of 2019. In particular, attacks on web applications rose by 800%. These alarming statistics can be found in CDN provider CDNetworks’ latest report, ‘State of the Web Security for H1 2020.’

The Report goes on to say that hackers are extremely sensitive to industry transformation. For this reason, the challenges of the global pandemic are leading hackers to move attacks from less visited sites such as those related to hospitality, transportation, and other travel-related businesses and redirect their attention to sites that are profiting under Covid-19 such as media, public services, and education.

E-government and digital public service systems are also magnets to hackers due to the sensitive and valuable information these systems hold. The Report contends that attacks against public sectors will continue with increasing virulence. Web application attacks in the public sector surpassed attacks in retail venues, making the public sector the single most attacked industry during this period. In fact, over 1 billion of the web attacks were targeted toward the public sector, which accounts for 26% of total attacks.

Equally disturbing is the fact that with artificial intelligence (AI) becoming a vital part of cybersecurity, hackers are now using machine learning to detect and crack vulnerabilities in networks and systems.

According to the Report, all types of attacks continued to increase. Consider that:

  • DDoS attack incidents saw a 147.63% year-on-year growth
  • On average, 660 bot attack incidents were blocked every second, a number that is nearly doubled from last year
  • Over 4.2 billion web application attacks were blocked in H1, a figure that is 8 times higher than the same period in 2019

The Report published by CDNetworks would make it crystal clear that attacks are rising in all vectors and types year over year. As new web application methodologies, from network security to cloud security, expose new attack surfaces, the boundary of security protection continues to expand with them. As a result, today’s APIs, micro-services, and serverless functions are all vulnerable to malformed requests, bot traffic, and DDoS attacks at both network and application layers. Moreover, the evolution of 5G networks, edge computing, artificial intelligence (AI), and Internet of Things (IoT) is rapidly forcing conventional security into the dustbin. In its place, software-defined security is emerging as a significant trend in the development of network security.

Enterprises that have an online presence and care about compliance, user privacy, security, and online availability can no longer enjoy the luxury of cherry-picking their security services, according to the Report. Because conventional security devices and strategies are becoming inadequate for handling today’s challenges. Rather, they must act immediately to adopt a comprehensive website security suite that includes a web application firewall (WAF), bot management solution, and DDoS protection.

Intelligent confrontation will be the new battlefield for cloud security in the near future, stated CDNetworks in its Report. To minimize your exposure window, the time has come to fundamentally rethink strategy and embrace a layered defense to gain a tactical edge and achieve superiority on the battlefield in both conventional conflicts and asymmetric cyber-warfare.