Home News Web Application Attacks Increases 8x in H1 2020

Web Application Attacks Increases 8x in H1 2020

Vulnerabilities in Zimbra

A cybersecurity report from cloud security provider CDNetworks revealed that distributed denial-of-service (DDoS), web application, and botnet attacks have surged exponentially in H1 2020 compared to the first half of 2019. In its report, “State of the Web Security for H1 2020,” CDNetworks highlighted that, in particular, web application attacks rose by 800%. Nearly 4.2 billion web application attacks were blocked in H1 2020, which is 8x higher than the same period in 2019. According to the report, DDoS attacks saw a 147.63% year-on-year increase. On average, 660 bot attack incidents were blocked every second, a number that has nearly doubled from last year. 

Public Sector Targeted

The report highlighted that cyberattacks are increasing in all sectors. Web application attacks in the public sector surged exponentially, with 1 billion web attacks reported. It was also found that cybercriminals leveraged advanced technologies like artificial intelligence and machine learning to discover and exploit new vulnerabilities across corporate networks and systems.

“The challenges of the global pandemic are leading hackers to move attacks from less visited sites, such as those related to hospitality, transportation, and other travel-related businesses, and redirect their attention to sites that are profiting under COVID-19, such as media, public services, and education. E-government and digital public service systems are also magnets to hackers due to the sensitive and valuable information these systems hold. The Report contends that attacks against the public sector will continue with increasing virulence,” the report stated.

Malicious Web Shells

Recently, the U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issued a joint security advisory “Cybersecurity Information Sheet” (CSI), which stated that hackers are exploiting web application vulnerabilities to deploy malicious web shells. The advisory contains a wide range of information for security teams who want to detect hidden web shells.  Read the full story here…