Historically, web-based attacks have been one of the greatest threats to NTT Security clients around the globe.
This year was no different.
Globally, about a third (just over 32%) of all observed attack activity was web-application or application-specific attacks. These attacks doubled over the past year, and targeted some of the most commonly used technologies, such as bash, Struts and Samba, as discussed in the Security Challenge: Web-Application Attacks section of the report.
Regionally, though, some observed attack numbers were even higher. For instance, in Japan, web-based attacks accounted for over half of all hostile activity.
A large variety of threat actors leverage these types of attacks, often to target organizations with high volumes of sensitive data, typically for financial gain or for espionage purposes.
And, it’s no wonder web-based attacks are so prevalent, as these types of attacks are incredibly effective given the number of vulnerabilities found – and remain unpatched – in common web-based applications.
Combine the fact that 2018 saw a new record number of defined vulnerabilities (a total of 16,555 vulnerabilities during 2018, up 157% in the past two years) with the fact that organizations continue to have a hard time keeping up with the requirements of patching applications, operating systems, tools and a variety of other products in their operational environments, and the problem magnifies itself.
It’s incredibly easy for attackers to find these points of entry into a network – a simple search of a tool like Shodan is all that is required. In addition, many exploits are now part of automated toolkits, making the job that much simpler for any attacker.
Web-based attacks can also be potentially expensive for organizations affected by these types of attacks – both from a financial or reputational perspective. These types of attacks are often associated with large, highly-publicized breaches.
While virtually all industries are targeted, those with a greater public web presence are more susceptible, as the applications targeted by these types of attacks are often more exposed, broadening the attack surface of a network.
In fact, data from 2018 showed this to be the case for several industries. Globally, web-based attacks accounted for more than 40% of all hostile activity against organizations in the finance, business and professional services, and healthcare sectors. Worse yet, in some instances, these numbers were even higher. In one regional retail sector, 85% of all attack activity was web-based attacks. In addition, three regional finance sectors were heavily targeted, with 43-48% of all attack activity being attributed to web-based attacks.
As we observe each year, sophisticated actors quickly leverage new vulnerabilities, once again highlighting the fact that critical vulnerabilities should be patched as quickly as possible in network environments.
Read more about defensive measures your organization should consider in this Security Challenge section of the 2019 Global Threat Intelligence Report (GTIR). DO IT NOW!!!