Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as the "Company"), a global security manufacturer that provides anti-hacker services, announced the ``Cyberattack Detection Report Targeting Web Applications'' (hereinafter referred to as the ``Report''), which targets the period of in the third quarter of 2023 (from July 1 to September 30th, 2023.)
This report contains the cyber attack logs observed by our Cloud-based WAF, “Shadankun,” which visualizes and blocks cyber attacks on web applications, and “WafCharm,” a public cloud WAF automatic operation service. We aggregate, analyze and calculate.

≪Report Summary≫
・Increase in “directory traversal” attacks that target server files
・Attack from Australia, which was ranked 34th last year, increased rapidly and ranked 8th.

■ Cyber attack detection status from July to September 2023

From July 1, 2023 to September 30, 2023, the total number of cyber attacks on web applications detected by our company was 205,608,392, or 13,211 per host (*).
In Japanese news that has been picked up overseas, it was announced in September that China had completely suspended imports of seafood from Japan in response to the release of treated water from the TEPCO Fukushima Daiichi Nuclear Power Plant into the ocean. The fact that not a single female member of the Diet was hired became a hot topic during the personnel reform. It is also possible that these events have some influence on the number of cyber attacks against Japan.
*Calculated using the denominator as the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, number of server types: number of IPs) and the number of hosts protected by "WafCharm" (WebACL).

■ Attack type: “Directory traversal” attacks targeting server files are rapidly increasing.

Looking at the attack status by main attack type during this survey period, the main trends have not changed significantly from the first half of 2022. However, although the overall number was small, it was found that attacks targeting files in "Other" called "directory traversal" have been increasing since July 2023. Directory traversal is an attack method that exploits directory traversal vulnerabilities in web applications to illegally access, manipulate, or view files and directories that should be private.

If you fall victim to a traversal attack, information may be leaked, files may be tampered with, or your account or system may be accessed illegally. To prevent damage from occurring, it is important to take measures such as appropriately setting file access permissions, implementing a WAF, and promptly updating the version if a vulnerability is discovered.

■ Country of attack: Australia ranked 34th last year, ranked in the top 10
Comparing the detected attack sources by country last year, from July 1st to September 30th, 2022, the United States came in first place, followed by Japan in second place, followed by Canada, France, and the United Kingdom in third place. There was not much change in the top countries from July 1st to September 30th, 2023, but Australia, which was ranked 34th last year, ranked 8th.

The monthly average number of attacks from Australia from July 2022 to August 2023 was 254,580, but in September 2023 the number of attacks jumped to 4,794,387.

Even for events that are not widely reported by the Japanese domestic media, you can find clues about trends in cyber attacks from news reported by foreign media.
This is because foreign attackers may gather information about Japan through international news and plan attacks based on that information. Therefore, a comprehensive understanding of domestic and international information flows is also an important element in cybersecurity measures.

*The attack source country identified in this report does not definitively indicate the source of the attack, as it is possible that the attacker uses the server as a relay point.

■ Cyber attack countermeasures during long holidays
In many organizations, system administrators are absent during long vacation periods such as winter vacation and New Year's holidays, making it easy for systems administrators to be unable to respond quickly in the event of an emergency. Additionally, because computers are not started for long periods of time and the OS and software used are not updated, there is a risk of being infected with viruses when resuming work after the holidays. In order to minimize damage, we recommend taking proactive measures, such as setting up a response notification to all employees before and after a long vacation.

■About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo
Representative: Representative Director, President and CEO Toshihiro Koike
Established: August 2010
URL: https://www.cscloud.co.jp/
Cyber Security Cloud has a management philosophy of "creating a safe and secure cyberspace for people around the world," and provides web application security services and vulnerability information collection using the world's leading cyber threat intelligence and AI technology. - We provide anti-hacker services such as management tools. We will continue to contribute to the promotion of the information revolution as one of the global leading companies in cybersecurity centered on WAF.

■ Survey overview
・Survey period: July 1, 2023 to September 30, 2023
・Survey target: User accounts using “Shadankun” and “WafCharm”
・Investigation method: Analysis of cyber attack logs observed by “Shadankun” and “WafCharm”