2021.08.04

Cyber Security Cloud Announces “January to June 2021 Cyber Attack Detection Report” Investigating Attack Trends in the First Half of 2021 ~Beware of Increasing “SQL Injection”~

Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as “our company”) will release the cyber attack detection report covering the first half of 2021 (January 1 to June 30, 2021). The data was analyzed and calculated from aggregated attack logs observed by our company's "Shadankun", a cloud-based WAF that visualises and blocks cyber-attacks on websites, and "WafCharm", an automated operation service for AWS WAF and Azure WAF.

■Survey overview
・Survey period: January 1, 2021 to June 30, 2021
・Survey target: User accounts using “Shadankun” and “WafCharm”
・Investigation method: Analysis of attack logs observed by “Shadankun” and “WafCharm”

■ The number of detections and attack trends for each type of attack
Between January and June 2021, the number of cyberattacks detected was 204,972,557. This means that more than 100 cyberattacks were detected every 10 seconds.

Furthermore, when the detected attacks are classified by attack type, "Blacklisted user agent", which is an attack by a bot using a vulnerability scanning tool, accounted for approximately 80 million cases, the highest share at 39.11% of the total. Next, "Web attacks," which are attacks against vulnerabilities in the software that makes up Web servers, accounted for approximately 48 million cases, or 23.75%. “Web scan”, which is a method, followed with about 30 million cases at 14.68%.

In addition, "SQL injection," which intentionally targets system vulnerabilities to execute unexpected SQL statements and illegally manipulate database systems, ranked fourth with about 15 million cases. “Brute force attack,” which tries to break through by entering all theoretically possible patterns for numbers, ranked fifth with about 11 million.

The top three attack types, which are numerous, are aimed mainly at finding targets for attack rather than launching direct attacks. Among such attacks, a notable feature of this survey period was a growing tendency to search for targets through "Web scans" before attacking.

On the other hand, fourth-place “SQL injection” and fifth-place “Brute force attack” are attacks whose main purpose is to steal information directly. In particular, "SQL injection" was detected about 5 million more times than in the same period last year.

Under these circumstances, companies that do not have sufficient countermeasures against cyberattacks are more likely to be targeted by hackers, and the possibility of concentrated attacks is also increasing.

■ Attacks targeting major vulnerabilities
ー Changes in detection of “SQL injection” attacks

SQL injection is an attack in which unintended and unauthorized SQL is executed through a vulnerability in the system, and the database is manipulated illegally. If you are actually attacked, damage such as leakage of account and credit card information, redirection to unauthorized sites, and website defacement for the purpose of virus infection will occur. In Japan, a large-scale personal information leak occurred in June. Under these circumstances, even if you have introduced a WAF, it is important to strengthen measures such as regular vulnerability diagnosis to prevent vulnerabilities from being built in.

■ Attacks targeting major vulnerabilities
ー Attacks targeting vulnerabilities in various “WordPress Plugins” that extend WordPress functionality
The number of attacks per day targeting vulnerabilities in various "WordPress Plugins" that extend WordPress functionality hovered between 20,000 and 40,000 from January to April, but increased sharply in the first half of May. It then stabilized for a while before increasing sharply again in the first half of June. The increase in attacks since May is thought to be due to the release of WordPress version 5.7.2 on May 13 and the discovery of a vulnerability in PHPMailer. Although WordPress is convenient, it is necessary to fully understand that it is an easy target for attack, and to continue taking thorough security measures in the future.

[About Cyber Security Cloud, Inc.]
Company name: Cyber Security Cloud, Inc.
Location: VORT Ebisu maxim 3F, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/