As cybersecurity attacks continue to make headlines daily, experts are focusing on searching for trends that will help them to better predict and prepare for the next attack, and to advise their business clients.
One example of a service which can assist with this task comes from Cyber Security Cloud, Inc. and the company has announced trends revealed in its Cyberattack Detection Report (available via CB Insights). The report covers the period January 1, 2021 to June 30, 2021.
The cyberattacks analyzed in the report totaled 204,972,557 between January and June 2021. This means that, on average, more than 100 cyberattacks were detected every 10 seconds.
The report classified multiple types of cyberattacks, using general descriptors such as: blacklisted user agent attacks, web attacks, web scans, SQL injections, brute force attacks, traversal attacks, cross-site scripting (XSS), DoS attacks, spam mail and others.
Of these, blacklisted user agents, which attack with bots using vulnerability scanning tools, represented about 80 million, accounting for the highest ratio of the total number of cyberattacks, at 39 percent. This was followed by web attacks, which are cyberattacks that seek to compromise vulnerabilities of the software that composes web servers.
Compared with data from the same period in 2020 for more than 10 types of documented cyberattacks, the 2021 report shows an overall increase in web scans and SQL injections in Japan. Here there was a notable increase as the country entered final preparations for the summer Olympics geared up in Tokyo. This is notwithstanding efforts made by Japanese authorities to deescalate the attack threat.
The Japanese Ministry of Defense’s 2020 budget allocated JP¥25.6 billion to cyber capabilities, making up less than 1 percent of the country’s defense budget. However, this level of spend – or at least the intelligence behind it – appears to be insufficient.
Commenting to Digital Journal, Toshihiro Koike, CEO of CSC, says he believes this trend has larger implications for the world and could help other countries prevent cyberattacks before they happen.
Koike states: “Organizations in the U.S., for example, should prepare for an increase in cyberattacks as the Super Bowl approaches by implementing tools like WafCharm,”
He adds: “That can prevent SQL injections and provide protection against the OWASP 10, the most critical security risks to web applications.”
CSC has released a product called WafCharm (to the U.S. in May 2021). The WafCharm service seeks to manage AWS WAF operations and to automatically optimize rules for AWS WAF as so to help address web-related cyberattacks against business, as well as against critical government infrastructure.
