Release of "Cyber Attack Detection Report Targeting Web Applications" for the first quarter of 2024
Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as "Cyber Security Cloud"), a global security manufacturer that develops hacker countermeasure services, is pleased to announce the "Web Application Cyber Attack Detection Report" (hereinafter referred to as "this report") for the first quarter of 2024 (January 1 to March 31, 2024). This report aggregates, analyzes, and calculates cyber attack logs observed by "Shadankun," a cloud-based WAF provided by our company that visualizes and blocks cyber attacks on web applications, and "WafCharm," an automated operation service for public cloud WAFs. In addition, we have added some of the results of our newly implemented vulnerability diagnosis surveys.
<Report Summary>
・Approximately 2.2 million cyber attacks detected per day
・SQL injections increased by 9.5 million cases compared to last year
・About 80% of vulnerabilities in vulnerability diagnosis are high-risk
■ Total number of attacks and trends: Approximately 2.2 million cyber attacks detected per day

The total number of cyber attacks on web applications detected by our company from January 1 to March 31, 2024 was 209,120,623. This equates to approximately 2.2 million attacks per day. In addition, the average number of attacks per host (※1) was 12,798.
(※1) Estimated calculation based on the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, Server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACLs).
■ Attack source countries

Looking at the source of detected attacks by country compared to the same period in 2023, the top three countries in terms of number of attacks were the United States, Japan, France, the United Kingdom, and Canada.
There has been little change in the top countries, but Indonesia, which was 34th in January-March 2023, has risen to 10th place.
■ Main attack types

Looking at attacks by major type during this survey period, the overall total has increased, but the main trend has not changed significantly from 2023. The most common type was "Web scan," accounting for 38%: activity that is a "sign of attack," such as exploring and investigating the target of an attack or searching for vulnerabilities with simple random attacks. It was followed by "Blacklisted user agent," an attack by bots using vulnerability scanning tools, etc., accounting for 23% of the total.
■ Vulnerabilities detected in Q1 2024

We offer vulnerability diagnosis services and have a track record of diagnosing approximately 2,000 systems. Our vulnerability diagnosis service is divided into three major categories (web applications, platforms, and APIs). In the vulnerability diagnoses conducted in the first quarter of 2024 (January 1 to March 31, 2024), 78.6% of the total vulnerabilities were found to be high-risk vulnerabilities. Typical examples include "SQL injection," which allows unauthorized access to databases, "cross-site scripting," which allows arbitrary programs to be executed on browsers, and "session management vulnerabilities," which allow logged-in users to access the site by impersonating other users. High-risk vulnerabilities are real and may be lurking on your site as well. If not addressed, they may become the target of cyber attacks, so caution and countermeasures are required.
■ SQL injections increased by approximately 9.5 million cases compared to the first quarter of 2023

SQL injection is an attack on websites and applications that dynamically create SQL statements based on external input: malicious SQL is injected through input the application did not anticipate, leading to unauthorized reading, alteration, or deletion of database data. If an SQL injection vulnerability is exploited, the database can be manipulated from outside, resulting in the viewing, theft, modification, or deletion of data recorded in the database.
Compared to the first quarter of 2023, we found that the total number of SQL injection attacks increased by approximately 9.5 million.
■ Cross-site scripting attacks increased by approximately 10 million cases compared to the first quarter of 2023

Cross-site scripting (XSS) is an attack that exploits vulnerabilities in a website to embed malicious scripts in HTML, a description language. Sites that generate web pages based on user input can be targets of cross-site scripting attacks. Examples include web applications such as Facebook and X, survey results, search terms in site searches, and blog and bulletin board articles and comments. If an attacker embeds prepared code in a form on a site, then when a user enters and submits information in that form, the entered information, as well as cookie information and personal IDs, is sent to the attacker. This allows the attacker to take over the victim's social media account or infiltrate the victim's internal system with the victim's authority.
Compared to January-March 2023, the total number of cross-site scripting attacks in January-March 2024 increased by 10,540,708, from 2,957,949 to 13,498,657. Per host, the number of attacks increased by approximately 614 compared to the previous year, from 211 to 825.
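As an added illustration (not part of the report), the sketch below renders a site-search page, one of the input sources named above, with and without output encoding, then parses the result to show which elements the markup actually contains. Function names and the input string are constructed, and Python's `html.parser` stands in for a browser's parser as a simplifying assumption.

```python
import html
from html.parser import HTMLParser

def render_vulnerable(term):
    # The search term is concatenated into the markup unchanged.
    return ('<h1>Results for ' + term + '</h1>'
            '<input name="q" value="' + term + '">')

def render_encoded(term):
    # html.escape turns & < > " ' into entities, so the term stays text
    # in both the element body and the quoted attribute value.
    safe = html.escape(term, quote=True)
    return ('<h1>Results for ' + safe + '</h1>'
            '<input name="q" value="' + safe + '">')

class _Structure(HTMLParser):
    """Records the start tags seen and the value of the search box."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.q_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.q_value = dict(attrs).get("value")

def structure(markup):
    parser = _Structure()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.q_value

# Constructed input that tries to leave both the text and attribute contexts.
PAYLOAD = '"><script>alert(1)</script>'

if __name__ == "__main__":
    print(structure(render_vulnerable(PAYLOAD)))
    print(structure(render_encoded(PAYLOAD)))
```

In the unencoded page the input becomes two `script` elements; in the encoded page only `h1` and `input` exist and the search box still holds the original string as data.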
■ Comment from Cyber Security Cloud, Inc. Representative Director, CTO Yoji Watanabe
Between January and March 2024, we detected a huge number of cyber attacks, an average of approximately 2.2 million per day. This is likely because while technology is evolving, the threats that come with it are also becoming more sophisticated. Of particular note is the sharp increase in SQL injection and cross-site scripting attacks. These attacks pose a very significant security risk to companies as they can also be lurking on customer sites. The data we detected clearly shows how sophisticated and frequent these attacks are.
In order to combat the increasing number of cyber attacks, we are continually updating and strengthening our security solutions using the latest technology. As attack methods evolve daily, we are also required to continue evolving accordingly. For this reason, it is important for website operators to continually collect information on the latest security trends and threats and take appropriate measures. Security settings are not finished once they are set up, but are a constant process of constant vigilance and updates. By implementing appropriate security measures, it is possible to protect your website from attackers and maintain the trust of your users.
About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp
With the corporate philosophy of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that make full use of the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.