Barracuda Networks, a cybersecurity firm, says that cybercriminals are changing how they operate, using automation and bots to conduct cyberattacks.
In a new report titled “Threat Spotlight: Automated attacks on web applications,” Barracuda says that more than half (54%) of all the cyberattacks it blocked during the November-December period were web application attacks that used automated tools.
Fuzzing attacks were the most commonly observed type, amounting to roughly one in five attacks blocked (19.5%). Fuzzing attacks use automation to find and exploit the points at which applications break. Injection attacks were the next most prevalent, at 12%. In injection attacks, malicious code is injected into the network using automation tools such as sqlmap, which allows attackers to gain access to applications.
Fake bots also accounted for a significant share of the attacks blocked by the cybersecurity firm, at 12%. In these attacks, automated bots pretend to be the bots of Google or a similar search engine in order to extract personal data from the user.
DDoS attacks and bots blocked by site admins completed the top five web application attacks, at 9% and 2% of attacks blocked, respectively.
Though bot traffic is on the rise, researchers have noticed that conventional web app attacks, like injection attacks and cross-site scripting, are still as prominent as ever.
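For the fake search-engine bots described above, a defender can check whether a client that claims to be Googlebot really is one by using forward-confirmed reverse DNS, the verification method Google documents for its crawlers. The following is an added example, not code from the Barracuda report; the log lines, IP addresses and DNS tables are constructed sample data, and the resolver functions are injectable so the check runs offline.

```python
import re
import socket

# Reverse-DNS suffixes Google documents for its crawlers.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com", ".googleusercontent.com")
# Combined Log Format: client IP comes first, user agent is the last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) .* "(?P<ua>[^"]*)"$')

def dns_reverse(ip):
    """PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    """Set of addresses the hostname resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_genuine_googlebot(ip, reverse=dns_reverse, forward=dns_forward):
    """PTR must be a Google crawler name AND that name must resolve back to ip."""
    host = (reverse(ip) or "").lower().rstrip(".")
    return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)

def find_fake_googlebots(lines, reverse=dns_reverse, forward=dns_forward):
    """IPs whose user agent claims Googlebot but which fail verification."""
    fakes = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and "googlebot" in m["ua"].lower() and m["ip"] not in fakes:
            if not is_genuine_googlebot(m["ip"], reverse, forward):
                fakes.append(m["ip"])
    return fakes

# Constructed sample data (documentation IP ranges), not taken from the report.
GB_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
REQ = '- - [01/Dec/2020:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-"'
SAMPLE_LOG = [f'192.0.2.10 {REQ} "{GB_UA}"', f'198.51.100.7 {REQ} "{GB_UA}"',
              f'203.0.113.5 {REQ} "{GB_UA}"', f'203.0.113.9 {REQ} "Mozilla/5.0"']
SAMPLE_PTR = {"192.0.2.10": "crawl-a.googlebot.com",    # genuine crawler
              "198.51.100.7": "crawl-b.googlebot.com",  # spoofed PTR record
              "203.0.113.5": "host5.example.net"}       # no Google name at all
SAMPLE_A = {"crawl-a.googlebot.com": {"192.0.2.10"},
            "crawl-b.googlebot.com": {"192.0.2.99"}}    # does not map back
```

The forward lookup is what defeats a spoofed PTR record: the owner of an address can set its reverse name to anything, but cannot make Google's zone resolve that name back to their address.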
Tushar Richabadas, senior product marketing manager at Barracuda Networks, commented on recent automated attacks in the report. He said that automated attacks can overload or penetrate web applications, and that preparing for the full variety of automated attacks is not an easy task.
However, Mr. Richabadas said it is not all doom and gloom, as multipurpose solutions are now consolidating into Web Application Firewall (WAF) and WAF-as-a-Service solutions, also known as Web Application and API Protection (WAAP) services. Businesses and organizations hoping to strengthen their security against this rising threat can turn to WAAP solutions, which include features such as bot mitigation, DDoS protection, API security, and credential stuffing protection.
He added that it is crucial for all organizations to be aware of the current threats they face and how they are evolving. Understanding these attacks also allows you to know how to protect yourself against them.
In the coming years, companies are told to expect more automated bot attacks, attacks against APIs, and attacks against software supply chains. Being prepared for these attacks will allow quality safety measures to be developed, which is vital as fewer firewalls and defenses are available for protection against the newer attacks.