News

  • Report

Share

Facebook Twitter linkedin
2020.07.22

Cyber Security Cloud Releases Attack Detection Report for the First Half of Fiscal Year 2020 - Cyberattacks Increased by Approximately 20% During the State of Emergency Declaration Compared to Before It Was Declared -

Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo; President and CEO: Akira Ohno; hereinafter referred to as "Cyber Security Cloud") is pleased to announce its cyber attack detection report for the first half of fiscal year 2020 (January 1 to June 30, 2020). This data was compiled, analyzed, and calculated from attack logs observed by "Shadankun," Cloud-based WAF that visualizes and blocks cyber attacks on websites, and "WafCharm," an AWS WAF automated operation service provided by Cyber Security Cloud.

■ Survey Overview
・Survey period: January 1, 2020 to June 30, 2020
・Survey target: User accounts using "Shadankun" and "WafCharm"
- Research method: Analysis of attack logs observed by "Shadankun" and "WafCharm"

■ Attack situation
<Total number of attacks>

During this survey period, the total number of cyber attacks detected on sites using "Shadankun" and "WafCharm" reached 147,762,255. May saw the highest number of attacks, with 29,039,856 detected.

<Number of attacks per day before and after the state of emergency was declared>

Furthermore, when comparing the average number of attacks per day before and after the declaration of a state of emergency, 909,158 attacks were detected during the state of emergency from April 7 to May 25, which is more than 19% more than before the declaration. After the state of emergency was lifted, the number of attacks decreased, but still increased by about 6% compared to before the declaration.

<Attack type>

Of the 10 main attack types during this survey period, "Blacklisted user agent," which is an attack by bots using vulnerability scanning tools, accounted for 59,979,416 cases, or 40.6% of the total, followed by "Web attack," which is an attack against vulnerabilities in the software that makes up web servers, at 37,587,944 cases, or 25.4%, and "Web scan," which is a method of searching for and investigating the target of an attack or searching for vulnerabilities through simple random attacks, at 14,300,917 cases, or 9.7%. Compared to the number of each attack type during the same period last year, "Blacklisted user agent" increased by 1.5 times, and "Web scan" increased by about 1.1 times, while "Web attack" increased by more than three times.
Furthermore, while "Web attacks" accounted for approximately 18.9% of all attacks between January 1st and 31st, 2020, this increased to 29.8% between May 1st and 30th, and the threat of "Web attacks" has increased with the spread of COVID-19.

*About Blacklisted user agents
"Blacklisted user agent" refers to the detection of bot attacks using vulnerability scanning tools, such as "ZmEu," "Nikto," and "Morfeus."

* Regarding web attacks
A "Web attack" is a detected attack on a vulnerability in the software that makes up a web server.

■Comment from Cyber Security Cloud Director and CTO Yoji Watanabe
Looking back at the first half of 2020, the announcement in January that Microsoft's Internet Explorer had been hit by a zero-day attack became a hot topic. A zero-day attack is an attack that exploits a vulnerability for which no fix exists, making it extremely difficult to detect. This is why even Internet Explorer, provided by a major company like Microsoft, was affected. As cyberattacks continue to become more sophisticated, companies will need to constantly update their countermeasures.
This survey found that cyberattacks increased during the period when the state of emergency was declared due to the COVID-19 pandemic, with a particular surge in "web attacks." It is highly likely that the increase in attacks was due to the increased adoption of teleworking among companies and the Golden Week holiday during the period when the state of emergency was declared.
With long holidays such as summer vacation approaching and concerns of a renewed spread of COVID-19 infections, it is considered even more important to strengthen measures against such attacks.
As such, the objectives and methods of cyber attacks are diversifying, and they are always looking for the right opportunity to launch an attack. It is becoming increasingly important for organizations with websites, regardless of their size, to take measures against such cyber attacks.

[About Cloud-based WAF “Shadankun”]
https://www.shadan-kun.com/

Cloud-based WAF "Shadankun" is a web security service that visualizes and blocks cyber-attacks on websites and web servers. Utilizing the attack detection AI engine "Cyneural" that uses deep learning, it not only detects general attacks, but also discovers unknown attacks and false positives at high speed, and has the world's leading threat intelligence. The team "Cyhorus" responds quickly to the latest threats. The number of companies and sites that have introduced it is ranked first*1 in Japan, and it is used regardless of the size of the company.

About WafCharm, the AWS WAF automation service
https://www.wafcharm.com/

"WafCharm" is an AI-based "AWS WAF" rule (signature) automation service with the highest number of users in Japan*2. It features "WRAO"*3 (Patent No. 6375047), an AI engine that uses machine learning to automatically optimize WAF rules. It automatically applies the optimal rules to AWS WAF for each customer by leveraging over 1 trillion pieces of big data accumulated through "Shadankun," Cloud-based WAF with the highest cumulative number of sites and companies in Japan*1. Our cyber threat information monitoring team, "Cyhorus," ensures rapid response to the latest threats. We also provide support from development engineers with leading signature customization expertise in Japan. We sell our service to over 1 million AWS users in 190 countries.

About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Address: VORT Ebisu Maxim 3rd Floor, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: President and CEO Akira Ohno
Established: August 2010
URL: https://www.cscloud.co.jp/
With the mission of "creating a safe and secure cyberspace for people all over the world," Cyber Security Cloud provides web application security services worldwide on a subscription basis, leveraging the world's leading cyber threat intelligence and AI technology. Furthermore, AWS, which holds a 47.8% share of the global cloud market, has certified Cyber Security Cloud as the seventh AWS WAF Managed Rules Seller in the world.
As a leading company, we will continue to develop services that create a safe and secure cyberspace for people around the world, and contribute to the promotion of the information revolution.

*1 Source: Market research on "Cloud-based WAF services" (as of June 16, 2019) <ESP Research Institute> (survey conducted from May 2019 to June 2019)
*2 Survey conducted by Japan Marketing Research Organization. Survey summary: Actual results survey for the period ending July 2020.
*3 Only compatible with AWS WAF classic
*4 Source: Gartner (July 2019) Worldwide IaaS Public Cloud Services Market Share, 2017-2018
(Millions of US Dollars)