News

  • Report

Share

Facebook Twitter linkedin
2021.02.03

Cyber Security Cloud announces "Cyber Attack Detection Report 2020" ~The number of attacks detected in 2020 during the corona crisis is the highest in the past three years~

Cyber Security Cloud, Inc. Ltd. (Headquarters: Shibuya-ku, Tokyo; President and CTO: Yoji Watanabe; hereinafter referred to as “our company”) is a cyber We will release the attack detection report. In addition, this data is an attack observed by "Shadankun", Cloud-based WAF that visualizes and blocks cyber-attacks on websites provided by our company, and "WafCharm", an automated operation service for AWS WAF and Azure WAF. Logs are aggregated, analyzed and calculated.

■Survey overview
・ Survey period: January 1, 2020 to December 31, 2020
・Survey target: User accounts using “Shadankun” and “WafCharm”
・Investigation method: Analysis of attack logs observed by “Shadankun” and “WafCharm”

■ Cyber attack detection status in 2020

From January to December 2020, 334,932,032 cyberattacks were detected. This means that attacks were detected at a pace of about once every 10 seconds for a year.
Furthermore, an average of 21,059 attacks per month were detected per 1 sid (sid = Security Identifier: a security identifier that uniquely identifies network user accounts and groups). Compared to 2019, it increased by about 10%, and the number of detections was the highest in the past three years. Among them, the most cyberattacks were detected in May, and it is believed that due to the new coronavirus, many companies have shifted to new normal work styles such as telework, and the increase in online responses has had an impact. .
Also, looking at the first half of 2020 from January to June, an average of 22,593 attacks were detected per month per sid. On the other hand, in the second half of the period from July to December, there was an average of 19,525 cases per sid per month, a decrease of about 13.5%. A relatively large number of attacks were detected in July and August, which includes corporate summer vacations, but the downward trend continued thereafter.

― Changes in detection status before and after the declaration of a state of emergency due to the outbreak of the new coronavirus

Furthermore, in the data on the number of attacks in the first half of the year, when there were many attacks, as a result of comparing the average number of attacks per day before and after the declaration of a state of emergency due to the spread of the new coronavirus, the number of emergencies from April 7 to May 25 During the state of emergency declaration, 909,158 attacks were detected per day, which is more than 19% higher than the average number of attacks per day from January 1st to April 6th, before the declaration was issued. In addition, the average number of attacks per day from May 26 to June 30, when the state of emergency was lifted, decreased to 809,252, but increased by about 6% compared to before the declaration was issued.
Amidst concerns about the spread of the novel coronavirus, a state of emergency has been declared again, and it is possible that the number of attacks will increase during the same period as last time. need to strengthen.

■ The number of detections and attack trends for each type of attack

Looking at the attack status of the main attack types during this survey period, "Blacklisted user agents", which are attacks by bots using vulnerability scanning tools, etc., accounted for 39.9% of the total, followed by software that configures web servers. 28.3% said "Web attack," which is an attack against the vulnerability of a computer, and 11.1% said "Web scan," which is a method of searching and investigating the target of an attack or searching for vulnerabilities through a simple attack that is performed at random. I was.

- “Web attacks” surged during the new corona disaster
Comparing the number of attacks by attack type in 2020 with those for the same period in 2019, for the top three attack types, "Blacklisted user agent" increased by about 1.6 times and "Web scan" increased by about 1.4 times. “Web attacks” increased by about 2.5 times compared to the previous year. Furthermore, from January 1st to January 31st, 2020, "Web attacks" accounted for about 18% of all attacks, but between May 1st and 30th, it increased to 29.8%. It was found that the threat of "Web attacks" has increased along with the spread of the new corona infection.

- Diversification of attack methods
Comparing the attack detection results for each type of attack during this research period with those for the same period in 2019, and comparing the ratio of each attack to the total, excluding "Web attacks", "Blacklisted user agents" , "Web scan", "SQL injection", and "Brute force attack", which are the top attack methods by number of attacks, have decreased their share. Entering 2020, in addition to the possibility that attack methods will concentrate on "Web attacks," it is possible that the range of attack methods is expanding and diversifying.

■ Attack status for major vulnerabilities

ーAttacks targeting vulnerabilities in “WordPress Plugin”

Attacks targeting vulnerabilities in "WordPress Plugin", a tool for extending WordPress functionality, increased significantly from mid-September, and although they declined temporarily after that, they increased again towards November. A vulnerability in the WordPress Plugin "File Manager" was discovered around the same time, and it is highly likely that attacks targeting this vulnerability increased.

ーAttacks targeting vulnerabilities in “Oracle WebLogic”

Attacks targeting vulnerabilities in "Oracle WebLogic", an application server provided by Oracle Corporation, have been gradually increasing since May. Since the "Oracle WebLogic" vulnerability was announced in October, it is highly likely that accesses targeting the vulnerability had increased before the announcement.

-Attacks targeting other vulnerabilities
   

   

``ServerSideRequestForgery'' is an attack method that exploits bugs to send requests to servers in areas that cannot be reached from the outside. , which is considered to be one of the most difficult attacks to counter against, saw a sharp increase from July to August, followed by a significant decline. In addition, attacks targeting vulnerabilities in ``php cgi'', which runs the PHP programming language in the form of an executable file, and ``PHPUnit,'' which is a framework for unit testing in PHP, increased significantly in July. In addition, attacks against vulnerabilities in the forum site construction software "vBulletin" increased sharply from the second half of August to September, and attacks against the Java framework "Spring Boot" gradually increased from mid-July. I'm here.

■Comment from Yoji Watanabe, President and CTO of Cyber Security Cloud
In 2020, when people's lifestyles have changed significantly due to the impact of the new corona, looking back on domestic cyber security incidents, the problem of unauthorized use of docomo accounts surfaced in September, and Capcom was discovered in November. Cases of leakage of customer information of up to 350,000 cases became a hot topic. Among them, Capcom's case is an attack that targets online game services, which are in high demand due to the corona crisis.
In addition, 2020 saw the highest number of attacks detected in the past three years, with a particularly large number of attacks detected in the first half of the year. Changes in the number of attacks were seen before and after the declaration of a state of emergency, and the impact of changes in work styles due to the new coronavirus was also seen.
While many attacks were detected in this way, only some cases have been announced, and it is possible that many other companies have not even been discovered. Cyberattacks are increasing and diversifying amid the COVID-19 pandemic, and the enactment of the Revised Personal Information Protection Law will increase the responsibility of companies for personal information leaks. It is also necessary to review whether the cybersecurity measures of

[About Cloud-based WAF “Shadankun”]
https://www.shadan-kun.com/

Cloud-based WAF "Shadankun" is a web security service that visualizes and blocks cyber-attacks on websites and web servers. Utilizing the attack detection AI engine "Cyneural" that uses deep learning, it not only detects general attacks, but also discovers unknown attacks and false positives at high speed, and has the world's leading threat intelligence. The team "Cyhorus" responds quickly to the latest threats. The number of companies and sites that have introduced it is ranked first*1 in Japan, and it is used regardless of the size of the company.

[About “WafCharm”]
https://www.wafcharm.com/

“WafCharm” is a service that can automatically operate a WAF provided in the public cloud with the number of installed users in Japan, using “AI” and “big data”. We provide two major platforms, AWS and Microsoft Azure.
Equipped with the AI engine “WRAO*3” (Patent No. 6375047) that automatically operates the optimal WAF rules using machine learning, the number of cumulative sites and companies that have introduced it is No. 1 in Japan. *1 Cloud-based WAF “Shadankun”, which has a track record of 1, utilizes a cumulative total of more than 1.7 trillion big data, and automatically applies the optimal rules for each customer. The cyber threat information monitoring team "Cyhorus" responds quickly to the latest threats. In addition, we also provide support*4 from development engineers with know-how in signature customization that is one of the best in Japan.

[About Cyber Security Cloud, Inc.]
Company name: Cyber Security Cloud, Inc.
Location: VORT Ebisu maxim 3F, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: Yoji Watanabe President and CTO
Established: August 2010
URL: https://www.cscloud.co.jp/
With the philosophy of "creating a safe and secure cyber space that people around the world can use", Cyber Security Cloud provides web application security services to the world using the world's leading cyber threat intelligence and AI technology. Offered by subscription. In addition, AWS, which has a 47.8%*5 global cloud market share, has been certified as the 7th AWS WAF Managed Rule Seller in the world.
As a leading company, we will continue to develop services to create a cyberspace that people around the world can use safely and securely, and contribute to the promotion of the information revolution.

*1 Source: Market research on “Cloud-based WAF service” (May 2019-June 2019 survey) <ESP Research Institute>
*2 Source: Survey by Japan Marketing Research Organization Survey outline: Fiscal year ended July 2020_Actual survey
*3 Only compatible with AWS WAF classic
*4 Applicable only to some plans
*5 Source: Gartner (August 2020)・・・Worldwide Iaas Public Cloud Services Market Share, 2018-2019