LAST UPDATED Oct 04, 2021
Cybersecurity is changing fast. Just glance at the breach headlines, and you’ll most certainly see words like “API,” “bot,” or “third party.” With all the change, we’ve also seen an influx of cybersecurity research in recent weeks, which can be helpful when trying to sort out this new threat landscape and prioritize resources. Here is a brief preview of some of the recent studies we found that shed light on new trends:
Trends continue to show that the financial services industry and media businesses bear the brunt of increased automated bot network attacks – we’re seeing credit unions get hit extremely hard.
Threat actors are always looking to capitalize on human error, and around 66% of incidents involved APIs that were improperly configured. The overall result of these security issues has been to enable cryptojacking and ransomware, the top two malware types, which accounted for over half of cloud compromises.
In the first half of 2021, approximately 5.4 million DDoS attacks were reported. These DDoS attacks were an 11% increase over last year, and also indicate that threat actors are using multiple approaches to attack organizations. Our threat-hunters observe highly sophisticated, multi-faceted, mixed-mode attacks that penetrate defenses by staying just below detection thresholds. Then they morph and move once more. Each elusive step applies different tricks to slip between the cracks in a defense perimeter designed for a different scale of attack.
Almost 50% of web owners wouldn’t know for sure if their site had been attacked. The challenge for these firms is the extensive use of third-party sources for code, many of which obtain their code in turn from other third parties. This number is up nearly 10% from the previous year.
These studies highlight how rapidly both the application landscape and threat landscape are changing. We’re working hard to keep up with both while making your life a little easier at the same time. Click here to learn more about how we’re helping organizations protect modern web applications, or set up a live demo today.