"Cyber Attack Detection Report Targeting Web Applications" Released for the Third Quarter of 2024 ~ Food and beverage manufacturing was the industry with the highest number of personal information and credit card information leaks ~
Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter "the Company"), a global security manufacturer, is pleased to announce the release of the "Web Application Cyber Attack Detection Report" (hereinafter "the Report") covering the third quarter of 2024 (July 1, 2024 ~ September 30, 2024). The Report aggregates, analyzes, and computes statistics from cyber attack logs observed by "Shadankun," the Company's cloud-based WAF that visualizes and blocks cyber attacks on web applications, and by "WafCharm," an automated operation service for public cloud WAFs.
<Report Summary>
・Approximately 3.7 million cyber attacks detected per day
・SQL injections increased by approximately 64 million cases
・Food and beverage manufacturing is the industry with the highest number of personal and credit card data leaks in 2024
■ Total number of attacks and trends: Approximately 3.7 million cyber attacks detected per day

From July 1 to September 30, 2024, the total number of cyber attacks on web applications detected by our company was 343,495,810. This equates to approximately 3.7 million attacks per day. The average number of attacks per host (※1) was 21,304.
(※1) Estimated calculation based on the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, Server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACLs).
■ Country of origin of the attack

Looking at detected attack sources by country compared to the same period in 2023, the United States ranked first, followed by Japan second, and the United Kingdom, France, and Australia third.
There is not much change in the top countries, but Bulgaria, which was ranked 14th in July-September 2024, is ranked 10th.
■ Main attack types

During this survey period the total number of attacks increased, but the main trends by attack type did not change significantly from 2023. The most common type was "Web scan," at 40%: activity that is a precursor to an attack, such as exploring and investigating the target or searching for vulnerabilities with simple random attacks. Next was "Bad user agent," attacks by bots using vulnerability scanning tools, at 23% of the total. In addition, attacks targeting the PHP testing framework "PHPUnit," which had not attracted attention until now, increased by 8.5 million in the second quarter and have been confirmed to continue increasing.
■ SQL injections increased by approximately 64 million cases compared to July-September 2023

SQL injection is an attack on a site or application that dynamically builds SQL statements from external input: by supplying input the application did not anticipate, an attacker injects malicious SQL into the statement. If an SQL injection vulnerability is exploited, the database can be manipulated from the outside, and the data recorded in it can be read, stolen, modified, or deleted. The number of SQL injection attacks detected has been rising since July 2023. Detections have increased consistently and steadily, with the most recent three months showing the most pronounced increase.
■ Personal information leaks involving credit card information in 2024 (as of October 11th)
*This data shows cases of personal information leaks involving credit card information that were announced by companies in 2024, but it also includes cases where the leaks themselves were caused by tampering that took place between the end of 2020 and the first half of 2021.

It was revealed that the food and beverage manufacturing industry had a higher number of victims than other industries between January and October 11, 2024. This is because they operate their own e-commerce sites such as online stores and handle large amounts of customer personal information, including credit card information, making them more likely to be targeted by attacks.
The next largest number of data leaks were in the food and beverage and wholesale industries, with the number of credit card data leaks particularly notable in the food and beverage industry. In both cases, data leaks were caused by online stores operated by the companies themselves, and the damage is thought to be worsening as opportunities to handle credit card information are increasing.
It is also important to keep in mind that some systems may already have been compromised, and to continue regular monitoring and inspection. Even for old servers and systems that you think are no longer in use, do not leave vulnerabilities unattended, and remember to update and apply patches. For example, there are reports that previously disclosed PHPUnit vulnerabilities are still being targeted, and such old vulnerabilities remain at risk of attack.
The scale and number of leaks vary by industry, but since data leaks are occurring in all industries, patching and vulnerability assessments are required. In particular, it is important for companies that handle credit card information to thoroughly check their compliance with PCI DSS (Payment Card Industry Data Security Standard) and strengthen the protection of customer information.
■ Comment from Representative Director, CTO Yoji Watanabe
The Cyber Attack Detection Report for Q3 2024 shows that attacks against web applications remain at a high level, with an extremely high number of attacks observed, at approximately 3.7 million per day. This once again highlights that cyber attacks are an everyday threat in an increasingly digitalized society.
It is particularly serious that the number of SQL injection attacks has increased significantly compared to the same period last year. Because SQL injection poses a high risk of leading to unauthorized manipulation of databases and data leakage, companies need to take thorough security measures against this threat.
What is noteworthy is the increasing sophistication of attack methods and the diversification of targets. In particular, attacks targeting old framework vulnerabilities such as PHPUnit are on the rise, so it is important not to leave past vulnerabilities unattended. System administrators are required to always apply the latest security patches and perform vulnerability diagnosis and regular monitoring.
We provide solutions that not only visualize and block attacks on web applications in real time through Cloud-based WAF "Shadankun" and "WafCharm," but also enhance the safety of our customers by utilizing the vulnerability information collection and management tool "SIDfm." In order to protect our customers on the front lines of cybersecurity, we will continue to strive to improve our technical capabilities and services, and promote even more advanced security measures.
■ About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo
Representative: Representative Director, President and CEO Toshihiro Koike
Established: August 2010
URL: https://www.cscloud.co.jp
With the mission of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that utilize the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.