Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new assessment by Barracuda Networks.
In its new report, Threat Highlight: Automated attacks on web programs, the cybersecurity firm disclosed that more than half (54%) of all cyber-attacks it blocked in November and December were web application attacks that involved the use of automated tools.
The most common type was fuzzing attacks, making up around one in five (19.5%). These use automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals use automation tools such as sqlmap to gain access to applications.
Fake bots also represented 12% of the total number of attacks blocked by Barracuda. These are automated attacks that pretend to be a Google bot or similar. Making up the top five web application attacks were application DDoS (9%) and bots blocked by site admins (2%).
While bot traffic is growing, the researchers said that more traditional web application attacks, such as injection attacks and cross-site scripting (1%), remained common.
Tushar Richabadas, senior product marketing supervisor at Barracuda Networks, commented: “Automated attacks can overwhelm or infiltrate web apps, and defending against all the types of automated attacks can be overwhelming.
“The good news is that multi-function solutions are consolidating into Web Application Firewall and WAF-as-a-Service solutions, also known as Web Application and API Protection services (WAAP). Hence, organizations looking to bolster their defenses against this escalating threat should look for a WAAP solution that features bot mitigation, DDoS protection, API security and credential stuffing protection, as a minimum, and also make sure it is properly configured.
“It is also important to stay informed about current threats and how they are evolving, so that your business can be defended against them. Over the coming year, we can expect automated bot attacks, attacks against APIs and attacks against software supply chains to grow in number and sophistication, especially as these newer attacks have fewer protections and defenses blocking them.”