2022.12.13

“Cyber-attack detection report” released as a warning ahead of the long holiday period, when cyber-attacks increase ~ Approximately 7 times more cyber-attacks detected than the average during the period ~

Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo, Representative Director, President and CEO: Toshihiro Koike, hereinafter “our company”), has released a Cloud-based WAF attack detection report on web applications for the period from November 1st to December 4th, 2022, as a reminder before the long holiday period when cyber-attacks are likely to increase. Our company recommends detecting and visualizing the status of cyber-attacks on your company and taking countermeasures in advance through a free trial of its cloud-based WAF "Shadankun".

The data for the cyber-attack detection report is analyzed and calculated by aggregating cyber-attack logs observed by two services provided by our company: the Cloud-based WAF "Shadankun", which visualizes and blocks cyber-attacks on web applications, and "WafCharm (WAF Charm)", an automatic operation service for public cloud WAF.

■ Survey overview
・ Survey period: November 1, 2022 to December 4, 2022
・ Investigation target: User accounts using “Shadankun” and “WafCharm”
・ Survey method: Analysis of cyber attack logs observed by “Shadankun” and “WafCharm”

■ Number of detected attacks and attack trends by attack type
The total number of cyber-attacks on web applications detected by our company in the 34 days from November 1st to December 4th, 2022 was 48,489,330. This means that more than 16 cyber-attacks were detected per second.

Two points are worth noting: on November 15, 2022, the number of SQL injections was about seven times the average for the target period, and on November 24, 2022, the number of blacklisted user agents was about 2.5 times the average for the target period.
In addition, it is not uncommon for cyber-attacks to occur not only during large-scale events, but also during long holidays such as Golden Week and the year-end and New Year holidays.

■ About "SQL Injection"
"SQL injection" is an attack that uses vulnerabilities in web applications to manipulate databases illegally. It uses SQL, a "database operation language", to intentionally "inject" SQL statements that perform unauthorized operations into the input forms and databases of vulnerable web applications. By doing so, the attacker steals or deletes account information, credit card information, etc., and tampers with websites.

The graph below shows the daily number of "SQL injection" attacks detected during the period. The average for the target period is about 200,000 per day, but on November 15th, 1,407,767 attacks were detected, about seven times as many.

SQL injection is a cyber-attack that has existed for quite some time, and it has become easy for attackers to carry it out using tools such as "SQLmap", which is used in penetration tests. On the other hand, defenders can reduce the risk to some extent if they implement countermeasures, so neglecting countermeasures can amount to serious negligence. In June 2022, a large-scale personal information leak occurred in Japan, and we recommend that you always implement basic vulnerability countermeasures for web applications.

■ About “Blacklisted user agents”
A “Blacklisted user agent” detection is an attack by a bot using a vulnerability scanning tool, a kind of tool that was originally used to discover vulnerabilities. Based on the results obtained, the attacker selects the attack target and considers the attack method.
The graph below shows the daily number of attacks by “Blacklisted user agent” detected during the period. The average for the target period is about 400,000 per day, but on November 24th, 1,028,027 attacks were detected, about 2.5 times as many. In addition, compared to our own research (*1) conducted four years ago, the number of attacks detected using “Blacklisted user agents” has increased by about four times.

For example, one of the scanning tools, "ZmEu", was developed in September 2012 to scan for vulnerabilities in phpMyAdmin, but such tools are still used as means of attack. We recommend that you update your web server to the latest version in order to ensure the safety and security of your cyber environment.
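As an added illustration (not code from Cyber Security Cloud or its products), the sketch below counts requests per day whose User-Agent contains a blacklisted scanner token and flags days at or above a multiple of the period's daily average, which is the comparison this report uses. The log lines, the two-token list (tool names taken from this report) and the function names are constructed for the example.

```python
import re
from collections import Counter

# Scanner names mentioned in this report; a production blocklist is far longer.
BLACKLISTED_UA_TOKENS = ("zmeu", "sqlmap")

# Apache/nginx "combined" format: host ident user [time] "request" status bytes "referer" "UA"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def daily_blacklisted_hits(lines):
    """Count requests per day whose User-Agent contains a blacklisted token."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        ua = m.group("ua").lower()
        if any(tok in ua for tok in BLACKLISTED_UA_TOKENS):
            hits[m.group("ts").split(":")[0]] += 1  # key is e.g. "24/Nov/2022"
    return hits

def spike_days(hits, all_days, ratio=2.5):
    """Days whose count is at least `ratio` times the daily mean over all_days."""
    mean = sum(hits.get(d, 0) for d in all_days) / len(all_days)
    return [d for d in all_days if mean > 0 and hits.get(d, 0) >= ratio * mean]

def make_sample():
    """Constructed log lines: five days with 1, 1, 1, 6, 1 scanner requests."""
    fmt = ('203.0.113.7 - - [{d}/Nov/2022:10:00:{s:02d} +0900] '
           '"GET {p} HTTP/1.1" 404 0 "-" "{ua}"')
    lines = []
    for d, n in zip(range(21, 26), (1, 1, 1, 6, 1)):
        # One ordinary browser request per day, which must not be counted.
        lines.append(fmt.format(d=d, s=0, p="/", ua="Mozilla/5.0 (X11; Linux x86_64)"))
        for i in range(n):
            ua = "ZmEu" if i % 2 == 0 else "sqlmap/1.6 (constructed sample)"
            lines.append(fmt.format(d=d, s=i + 1, p="/phpmyadmin/", ua=ua))
    return lines

if __name__ == "__main__":
    days = [f"{d}/Nov/2022" for d in range(21, 26)]
    hits = daily_blacklisted_hits(make_sample())
    print(dict(hits), "spike days:", spike_days(hits, days))
```

Because the spike day is included in the period average, a single extreme day raises its own threshold; comparing against a trailing baseline that excludes the current day is a common alternative.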

■ Measures against cyber attacks during long holidays
System administrators are absent in many organizations during long vacations, making it more likely that they will not be able to respond quickly in the event of an emergency. In addition, there is a risk of virus infection when resuming work after the holidays, because PCs have not been started for a long period and the OS and software in use have not been updated. In order to minimize the damage, it is recommended to take preventive measures such as issuing a response notice to all employees before and after the long vacation.
In addition, given the continued instability of the international situation, it is important to remain vigilant against cyberattacks such as DDoS attacks and SQL injection. By catching the signs of cyber-attacks such as “Blacklisted user agent” at an early stage and “detecting” them in advance, the possibility of preventing subsequent cyber-attack damage will increase.
The Cloud-based WAF Shadankun by our company in the number of companies and sites that have been introduced, can detect, visualize, and block cyber-attacks on websites and web servers. A free trial is available, so we recommend that you take this opportunity to detect and visualize the status of cyber attacks on your company and take countermeasures in advance.

# Cloud-based WAF “Shadankun” free trial inquiry form
https://shadan-kun.com/signup

■ About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Location: JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo 141-0021
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp

Cyber Security Cloud has the philosophy of "creating a safe and secure cyber space for people around the world", and utilizes the world's leading cyber threat intelligence and AI technology to provide anti-hacker services such as web application security services and vulnerability information collection and management tools. We will continue to contribute to the promotion of the information revolution as one of the leading global companies in cyber security, with a focus on WAF.

Main deployment services:
- Cloud-based WAF “Shadankun”: https://www.shadan-kun.com
- Public cloud WAF automated operation service "WafCharm": https://www.wafcharm.com
- "WafCharm for AWS Marketplace" with tamper detection function: https://www.wafcharm.com/jp/aws-mp
- Cyber Security Cloud Managed Rules for AWS WAF, a carefully selected set of rules for AWS WAF: https://aws.amazon.com/marketplace/seller-profile?id=baeac351-6b7c-429d-bb20-7709f11783b2
- Vulnerability information collection and management service "SIDfm": https://sid-fm.com

*1 2018 White Paper on Cyberattacks ~3Q Ver.~: https://www.cscloud.co.jp/news/press/201811141727
*2 Survey by Japan Marketing Research Organization. Survey overview: Fiscal year ending October 2021_Actual survey