2024.03.29

23 cyber attacks detected per second - "Web Application Cyber Attack Detection Report" released for January to December 2023

Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo, Representative Director, President and CEO: Toshihiro Koike, hereinafter referred to as the "Company"), a global security manufacturer that provides anti-hacker services, is pleased to announce the "Cyber Attack Detection Report on Web Applications" (hereinafter referred to as the "Report"), which covers the period from January 1, 2023 to December 31, 2023. The Report aggregates, analyzes and calculates figures from the cyber attack logs observed by our cloud-based WAF "Shadankun," which visualizes and blocks cyber attacks on web applications, and by "WafCharm," an automatic operation service for public cloud WAFs.

<Report Summary>
・Detected 23 cyber attacks per second
・Attacks targeting WordPress are increasing

■ Total number of attacks and trends: 23 cyber attacks detected per second

From January 1, 2023 to December 31, 2023, we detected a total of 735,508,279 cyber attacks on web applications. This works out to 23 attacks per second. In addition, there were 48,527 attacks per host (*1) over the year, higher than in any of the past three years (approximately 43,000 attacks in 2020, approximately 42,000 attacks in 2021, and approximately 42,000 attacks in 2022). This is the highest number ever.
*1 Approximate figure, calculated using as the denominator the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACL).

■ Attack source country

Comparing the detected attack sources by country against 2022, the countries with the most attacks were the United States in first place and Japan in second place, followed from third place by France, the United Kingdom, and Canada.
There has not been much change in the top countries, but Singapore, which was 14th last year, has moved up to 10th place.

■ Attack source country (increase rate)

Furthermore, in the ranking of countries by increase in the number of attacks compared to last year, Lithuania came in first place, South Africa in second place, India in third place, Brazil in fourth place, and Vietnam in fifth place. According to a Cybersecurity Advisory (*2), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), U.S. Cyber Command, and multiple international organizations have announced that Russian state-sponsored cyberattack groups are using Ubiquiti EdgeRouters to carry out malicious activities. These attackers have been shown to collect credentials, control network traffic, and set up phishing pages and tools through compromised routers.
In any case, countries with a high rate of increase are often ones reported to have suffered cyberattacks by hacker groups. The numbers may be increasing because hosts in those countries are being used as relay points, or because compromised routers there are being used as a springboard for attacks.
Please note that the attack source countries identified in this report do not definitively indicate the origin of an attack, because an attacker may be using a server in that country as a relay point.

*2 Source: Russian cyber actors use compromised routers to Facilitate Cyber Operations. JOINT CYBERSECURITY ADVISORY. (2024, February 27). https://www.ic3.gov/Media/News/2024/240227.pdf

■ Attack type: Attacks targeting CMS (*3) are increasing

Looking at the main attack types during this survey period, although the overall number has increased, the main trends have not changed significantly from 2022. The most common type, at 34%, was "Web scan," a precursor to an attack in which the attacker searches for and researches a target, or looks for vulnerabilities with simple attacks performed at random. It was followed by "Blacklisted user agent," which covers attacks by bots using vulnerability scanning tools and accounts for 30% of the total.
Up to the research report for the third quarter of 2023, approximately 66 types of attacks, such as those on WordPress and Movable Type, were grouped together as "Web attacks," but from this report onwards they are divided into more detailed attack types.

*3 CMS is an abbreviation for Content Management System, a tool that enables updates and new page creation even without specialized website knowledge.

■ Cross Site Scripting

Cross-site scripting (XSS) is an attack that takes advantage of vulnerabilities in websites to embed malicious scripts in a page's HTML. Sites that generate web pages based on user input are susceptible to cross-site scripting attacks. Examples include web applications such as Facebook and Twitter, response results on survey sites, search terms for site searches, and articles and comments on blogs and bulletin boards. If code prepared by an attacker is embedded in a form on a site, then when a user enters and submits information in that form, cookie information and personal IDs are sent to the attacker in addition to the entered information. This allows the attacker to take over the victim's SNS account or infiltrate internal systems with the victim's privileges.
Compared with January to December 2022, the total number of cross-site scripting attacks from January to December 2023 increased from 16,262,146 to 41,149,122, an increase of approximately 253%. Per host, this was an increase of approximately 208% from the previous year, from 1,290 to 2,679.

■WordPress

WordPress is a type of CMS (content management system) written in the programming language PHP, which allows you to easily create blogs and websites. According to a survey by W3Techs, WordPress accounts for 42% of all websites on the Internet (including CMS developed with proprietary code), with a market share of 62%.
Because of the large number of users, there is a high risk of it being targeted if a vulnerability is reported. Also, because of its ease of use, it is possible to operate a website even if you have no knowledge of web applications or security. As a result, it is thought that attacks targeting WordPress are occurring frequently.

■Movable Type

Movable Type is known as one of the most popular CMSs along with WordPress. In our previously published "Cyber Attack Detection Report 2021," we called attention to a remotely exploitable vulnerability (CVE-2021-20837) in Movable Type's XMLRPC API. After that, we confirmed that the number of attacks had increased compared to 2022, and in October 2023, a cross-site scripting issue was announced as a new vulnerability in Movable Type.

■Comment from Yoji Watanabe, Representative Director, CTO, Cyber Security Cloud, Inc.
In 2023, the total number of attacks reached 735,508,279, which means that you are attacked approximately 23 times per second. Last year, there was a noticeable increase in attacks targeting CMS. The reason behind this is that CMS is easy to introduce and has many users. Attacking a site that uses a CMS is more efficient than targeting a single website and, if successful, can affect a wide range of users.

For this reason, it is important for website operators to continually collect information on the latest security trends and threats and implement appropriate measures. Security settings are not something that can be set once and then completed; it is a process that requires constant vigilance and updating. Implementing appropriate security measures will help protect your website from attackers and maintain the trust of your users.

■ About Cyber Security Cloud, Inc.
Address: JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo
Representative: Toshihiro Koike Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp
Cyber Security Cloud has a management philosophy of "creating a safe and secure cyber space for people around the world", and utilizes world-class cyber threat intelligence and AI technology to provide anti-hacker services such as web application security services and vulnerability information collection and management tools. We will continue to contribute to the promotion of the information revolution as one of the leading global companies in cyber security, with a focus on WAF.