Web app attacks are up 800% compared to 2019

A cyber attack depicted in binary code
(Image credit: Shutterstock)

Web application attacks have increased by over 800%, according to the State of the Web Security for H1 2020 report.

Published by CDN and cloud security provider CDNetworks, the report found that during the first half of this year, web application attacks, which use malformed requests or injected payloads to steal data, modify data or obtain privileges illicitly, increased nine times relative to H1 2019.

CDNetworks saw and blocked over 4.2 billion web application attacks during H1 2020.

The statistic show that web application attacks in the public sector surpassed attacks in retail venues, making the public sector the single most attacked industry during this period

“In fact, over 1 billion of the web attacks were targeted toward the public sector, which accounts for 26% of total attacks," the report says. "Equally disturbing is the fact that with artificial intelligence (AI) becoming a vital part of cybersecurity, hackers are now using machine learning to detect and crack vulnerabilities in networks and systems."

The company collected anonymized data from its clients and said the statistics showed enterprises are “experiencing challenging times in their attempts to defend against cyber attacks and protect their online assets.”

The report also found that DDoS attack incidents saw over a 147% year-on-year growth as of H1 2020. This increase peaked in February and March and remained at elevated levels. Similarly, attack peaks more than doubled in H1 2019 compared to H1 2020. The study found the most prevalent DDoS attacks were SYN flood at 53% and UDP flood at 35%. ACK flood and ICMP flood attacks were significantly lower at 8% and 4%, respectively.

According to the report, bot attacks nearly doubled in 2020 with 10.38 billion bot attacks blocked by the firm. CDNetworks said this figure was 97% higher than H1 2019. On average, CDNetworks blocked 660 bot attack incidents, nearly doubling H1 2019.

Bot attacks relate directly to economic trends. In previous years, bot attacks focused on tourism and related industries, such as transportation and hospitality. But COVID-19’s impact on tourism and hospitality, online services, e-commerce and gaming are now bot attacks’ primary targets.

The report added that hackers are extremely sensitive to industry transformations and switch their attack tools and methods to keep pace with these changes.

“Nowhere is this more evident than with the Covid pandemic, where a decline in the tourism industry has prompted attackers to move toward exploiting online learning, telecommuting, and other businesses that are flourishing during the current pandemic,” the report’s authors said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.