News

  • Report

Share

Facebook Twitter linkedin
2023.08.10

Attack Detection Report Targeting Web Applications in the First Half of 2023 - SQL Injection and Cross-Site Scripting Ranked in Top 3 Vulnerabilities -

Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo, Representative Director, President and CEO: Toshihiro Koike, hereinafter “our company”), a global security manufacturer that develops anti-hacker services, will start the first half of 2023 (from January 1, 2023). June 30, 2020), we will announce the "Cyber-attack detection report targeting web applications (hereinafter referred to as "this report")".
This report contains the cyber attack logs observed by our Cloud-based WAF, “Shadankun,” which visualizes and blocks cyber-attacks on web applications, and by “WafCharm,” an automated operation service for public cloud WAFs. We aggregate, analyze and calculate.

≪Report Summary≫
・Attacks increased to 138% from April to May 2023
・The number of SQL injections per host increased by 110% year-on-year
・Cross-site scripting per host increased by 220% year-on-year

■ Cyber attack detection status from January to June 2023

From January 1 to June 30, 2023, we detected a total of 319,001,684 cyber attacks on web applications, or 22,239 attacks per host*.
Furthermore, a year-to-date comparison shows that the number of attacks increased 138% from April to May 2023.
Cyber attacks tend to increase when events are held that bring people together on a global scale, and we assume that attacks increased sharply in May and June due to the G7 Hiroshima Summit and Ministerial Meeting, which brought together the heads of state of various countries, as well as the sudden participation of Ukraine's President Zelensky.
*Calculated using the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACL) as the denominator.

■ Attack type

Looking at the attack status by major attack type during this survey period, the major trends have not changed significantly from the first half of 2022. However, the number of “Blacklisted user agents” by bots using vulnerability scanning tools increased from 65,249,759 to 101,953,562 from January to June 2022, an increase of approximately 156%. It is possible that reconnaissance to locate the subject has increased.

■ The biggest threat to web applications
According to the results of research (*) by MITER, an American non-profit organization that conducts research and development, SQL injection and cross-site scripting rank in the top three among the most serious vulnerabilities in software.

These vulnerabilities pose a particularly serious threat to web applications. It is important for developers and system administrators to pay attention to implementing security measures such as proper input validation, access control, and session management. It also requires regular vulnerability assessments and efforts to raise security awareness.

◆ SQL injection
SQL injection is a site or application that dynamically creates SQL statements based on external input. Unintended external input causes malicious SQL statements to be injected, resulting in unauthorized reading of database data. or in which data is altered or deleted. If the SQL injection vulnerability is exploited, the database may be manipulated from the outside, and as a result, the data recorded in the database may be viewed, stolen, changed, or deleted.
Compared to January to June 2022, the total number of SQL injection attacks in January to June 2023 increased from 22,451,970 to 29,180,491, an increase of approximately 130% (approximately 6.72 million cases). Ta. Cases per host increased from 1,858 to 2,044, roughly 110% year-on-year.

◆ Cross-site scripting
Cross-site scripting (XSS) is an attack that uses vulnerabilities in websites to embed malicious scripts in HTML, the description language. Sites that generate web pages based on user input, such as survey sites, site searches, blogs, and bulletin boards, and web applications such as Facebook and Twitter are prone to cross-site scripting. If the code prepared by the attacker is embedded in the form installed on the site, when the user enters and submits information on the form, in addition to the entered information, cookie information and personal ID are also sent to the attacker. . This allows the attacker to hijack the victim's social media accounts or infiltrate internal systems with the victim's privileges.
Compared to January to June 2022, the total number of cross-site scripting attacks in January to June 2023 increased from 2,022,844 to 5,396,930, an increase of approximately 267% (approximately 3.37 million cases). I was. The number of incidents per host increased from 172 to 378, an increase of approximately 220% year-on-year.

■ Measures against cyber attacks during long holidays
In many organizations, system administrators are absent during long vacations such as the Obon holiday, and it is easy for cases where quick responses cannot be taken in the event of an emergency. In addition, there is a risk of virus infection when resuming work after the holidays because the period when the PC is not started is long and the OS and software used are not updated. In order to minimize the damage, it is recommended to take preventive measures such as setting a response notice to all employees before and after the long vacation.

■ About Cyber Security Cloud, Inc.
Address: JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo
Representative: Toshihiro Koike Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/
Cyber Security Cloud has a management philosophy of "creating a safe and secure cyber space for people around the world", and utilizes world-class cyber threat intelligence and AI technology to provide web application security services and anti-hacker services such as vulnerability information collection and management tools. We will continue to contribute to the promotion of the information revolution as one of the leading global companies in cyber security, with a focus on WAF.

■ Survey overview
・ Survey period: January 1, 2023 to June 30, 2023
・Survey target: User accounts using “Shadankun” and “WafCharm”
・Investigation method: Analysis of cyber attack logs observed by “Shadankun” and “WafCharm”

* Source: 2023 CWE Top 25 Most Dangerous Software Weaknesses: https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html