DDoS, web application, bot, and other attacks have surged exponentially compared to the first half of 2019, according to CDNetworks.
In particular, attacks on web applications rose by 800%. These alarming statistics show that enterprises are experiencing challenging times in their attempts to defend against cyber attacks and protect their online assets.
Hackers extremely sensitive to industry transformation
The report goes on to say that hackers are extremely sensitive to industry transformation. For this reason, the challenges of the global pandemic are leading hackers to move attacks from less visited sites such as those related to hospitality, transportation, and other travel-related businesses and redirect their attention to sites that are profiting under COVID-19 such as media, public services, and education.
E-government and digital public service systems are also magnets to hackers due to the sensitive and valuable information these systems hold. Researchers contend that attacks against public sectors will continue with increasing virulence.
All types of attacks continued to increase. Consider that:
- DDoS attack incidents saw a 147.63% year-on-year growth.
- On average, 660 bot attack incidents were blocked every second, a number that is nearly doubled from last year.
- Over 4.2 billion web application attacks were blocked in H1, a figure that is 8 times higher than the same period in 2019.
It is also worth noting that web application attacks in the public sector surpassed attacks in retail venues, making the public sector the single most attacked industry during this period. In fact, over 1 billion of the web attacks were targeted toward the public sector, which accounts for 26% of total attacks.
Equally disturbing is the fact that with AI becoming a vital part of cybersecurity, hackers are now using machine learning to detect and crack vulnerabilities in networks and systems.
Attacks rising in all vectors and types
The report makes it clear that attacks are rising in all vectors and types year over year. As new web application methodologies, from network security to cloud security, expose new attack surfaces, the boundary of security protection continues to expand with them. As a result, today’s APIs, micro-services, and serverless functions are all vulnerable to malformed requests, bot traffic, and DDoS attacks at both network and application layers.
Moreover, the evolution of 5G networks, edge computing, AI, and Internet of Things is rapidly forcing conventional security into the dustbin. In its place, software-defined security is emerging as a significant trend in the development of network security.
Enterprises that have an online presence and care about compliance, user privacy, security, and online availability can no longer enjoy the luxury of cherry-picking their security services because conventional security devices and strategies are becoming inadequate for handling today’s challenges. Rather, they must act immediately to adopt a comprehensive website security suite that includes a web application firewall, bot management solution, and DDoS protection.
Intelligent confrontation will be the new battlefield for cloud security in the near future. To minimize the exposure window, the time has come to fundamentally rethink strategy and embrace a layered defense to gain a tactical edge and achieve superiority on the battlefield in both conventional conflicts and asymmetric cyber warfare.