Web application attacks soar as attackers get more professional
The number of malicious web application requests grew 88 percent between 2020 and 2021, with broken access control and injection attacks making up over 75 percent of them.
The latest threat analysis report from Radware shows the most attacked industries were banking and finance, along with SaaS providers, together accounting for more than 28 percent of web application attacks.
Retail and high-tech industries ranked third and fourth, each with almost 12 percent of the web security events, followed by manufacturing (nine percent), government (six percent), carriers (six percent), and transportation (five percent).
Over the same period the year-on-year growth rate in DDoS attacks was 37 percent. But while big attacks were making headlines, the volume of micro floods, attacks which often go undetected, rose nearly 80 percent compared to 2020.
"The statistics tell a story about bad actors. They are getting smarter, more organized, and more targeted in pursuing their objectives -- whether that be for money, fame, or a political cause," says Pascal Geenens, director of threat intelligence for Radware. "In addition, cybercriminals are shifting their attack patterns -- from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline -- something that we have not seen before."
The report also notes that more sophisticated and better organized operators are advancing their tactics by adding more extortion capabilities to their arsenal. To pressure victims who are reluctant to pay into returning to the negotiating table, attackers have launched triple extortion campaigns that combine cryptolocking and data leaks with DDoS attacks. As a result, the underground economy supported by ransomware operators is seeing higher demand for DDoS-for-hire services.
The full 2021-2022 Global Threat Analysis Report is available on the Radware site.