Indusface has released its ‘State of Application Security Report’ for Q2 2024 (April – June 2024). The report uncovers a 115% rise in cyberattacks, with the company’s AppTrana WAAP platform successfully blocking over 2.37 billion threats during this period. On average, 960K attacks were blocked per website. Bot attacks rose by 213% in Q2 2024 compared to Q2 2023, with over 276 million incidents recorded. DDoS attacks also surged, reaching a total of 835 million, affecting 60% of all sites monitored. In total, 6 out of 10 sites witnessed a DDoS attack, whereas 9 out of 10 sites experienced a bot attack.
Power and energy companies faced up to 25 times more attacks than the industry average, likely because non-regulated industries with less stringent security requirements are soft targets for hackers. The banking, financial services, and insurance (BFSI) sectors witnessed 45%-60% higher bot attacks. 90% of BFSI sites and all healthcare sites were targeted by bad bots that are typically used for account takeover, card cracking, skimming and other attacks.
SQL injection is the top vulnerability in the banking, financial services, insurance, healthcare, and retail sectors, reinforcing the importance of protecting the critical customer data that these applications host, including PII, credit card information, and other records. Additionally, the manufacturing industry faced 10 times higher cross-site scripting (XSS) attacks than other sectors. The report also reveals a staggering 1,200% increase in attacks targeting vulnerabilities, driven by the proliferation of cyber exploitation tools. The accessibility of technologies like LLMs (e.g., ChatGPT) has lowered the barrier for novice hackers, significantly intensifying the threat landscape. A total of 25K critical and high vulnerabilities were found, with 31% of these vulnerabilities open for 180+ days.
“Attacks exploiting known vulnerabilities have surged by 1200%, and bot attacks have risen by 200%. This increase could be attributed to the widespread adoption of large language models (LLMs), particularly among less experienced hackers. Despite these attacks largely following predictable patterns, we anticipate significant changes on the horizon. For instance, advanced bots are increasingly targeting enterprise applications, while SMBs are facing a rise in DDoS attacks. Blocking sophisticated bots remains challenging even for enterprises with robust security tools and dedicated teams, while SMBs often lack the budget for effective managed solutions to combat DDoS attacks,” said Ashish Tandon, Founder and CEO of Indusface. “Given the recent debates around business continuity vs security, I hope that the leadership doesn’t compromise on security while also demanding that security vendors demonstrate fail-safe mechanisms,” added Ashish.
Additionally, small and medium businesses (SMBs) globally faced over 559 million attacks. DDoS is the number one attack vector, with each SMB website/app seeing 124% more DDoS attacks compared to enterprise apps. This could be because DDoS attack monitoring requires either a managed WAAP or a specialised, 24×7 security operations centre (SOC), which SMBs can ill afford. The report indicates the critical need for robust, managed security solutions. Of the total attacks, 59% were mitigated using application-specific security policies, highlighting the importance of tailored protection. The remaining 41% were blocked by out-of-the-box security policies.