2025.02.10

Approximately 3.3 million cyber attacks detected per day; total number of attacks increased 154% year-on-year to a record high
Release of the "Web Application Cyber Attack Detection Report" for January to December 2024

Cyber Security Cloud, Inc. (Representative Director, President and CEO: Toshihiro Koike; "the Company"), a global security manufacturer, announces the "Web Application Cyber Attack Detection Report" (the "Report") covering the period from January 1 to December 31, 2024. The Report is based on the analysis and aggregation of cyber attack logs observed by the Company's cloud-based WAF "Shadankun", which visualizes and blocks cyber attacks on web applications, and by "WafCharm (WAF Charm)" and "CSC AWS WAF Managed Rules", which are automated operation services for public cloud WAFs.

<Report Summary>
・Approximately 3.3 million cyber attacks detected per day
・The number of SQL injection attacks increased by approximately 140 million
・The number of attacks targeting PHPUnit increased by approximately 60 million

■ Total number of attacks and trends: Approximately 3.3 million cyber attacks detected per day

From January 1 to December 31, 2024, the total number of cyber attacks on web applications detected by our company was 1,212,511,259. This equates to approximately 3.3 million attacks per day. In addition, there were 74,905 attacks per host (※1) per year, which is an increase of 154% from the previous year and the highest number ever. (Approximately 43,000 attacks in 2020, approximately 42,000 attacks in 2021, approximately 42,000 attacks in 2022, and approximately 48,000 attacks in 2023)
(※1) Estimated calculation based on the total number of hosts protected by "Shadankun" (Web type: number of FQDNs, Server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACLs).

■ Source country of attacks

Comparing the sources of detected attacks by country in 2023, the top three countries in terms of number of attacks were the United States, Japan, the United Kingdom, France, and Germany.
Although there were some changes, such as Australia, which was ranked 11th last year, moving up to 10th place, there were no major changes in the top ranking countries.

■ Source country of attacks (increase rate)

In addition, the ranking of the increase rate by country of origin of attacks is shown above. In 2024, as large-scale elections were held in countries around the world, cyber attacks, including distributed denial of service attacks (DDoS attacks), occurred frequently. Countries where important political events such as the Indonesian presidential election, the Taiwanese presidential election, and the EU European Parliament election were held account for many of the increase rate rankings in the table above.

According to a survey titled "Top 10 Information Security Threats 2025" (※2) published by the Information-Technology Promotion Agency, Japan (IPA), distributed denial-of-service attacks (DDoS attacks) and cyber attacks resulting from geopolitical risks ranked in the top 10.

DDoS attacks are attacks aimed at disrupting the services of websites and apps. While the cost to the attacker is relatively low, they can have a significant impact on critical infrastructure and the business continuity of companies.
The increase in DDoS attacks observed at the end of 2024 may be linked to global botnet activity, with many countries seeing an increased frequency of attacks.

In addition, the reason for the sudden increase in specific countries as the source of attacks is the rise in geopolitical risks and the associated increased activity of hacker groups. In situations such as elections, international conflicts, and economic sanctions, attacks by domestic and foreign hacker groups are likely to increase, and DDoS attacks and cyber attacks aimed at information manipulation tend to occur frequently.

In Japan, it was reported that political party websites were subjected to DDoS attacks during the House of Representatives election period, so it is important to be particularly careful about cyber attacks during election periods.

Please note that the countries identified in this report as sources of attacks do not definitively indicate the source of the attacks, as attackers may use servers as relay points.

■ Main attack types

Looking at the attack status of the main types of attacks during this survey period, although the total number has increased overall, the main trend has not changed significantly from 2023. The most common type of attack is "Web scan," which is a "precursor to an attack" such as exploring and investigating the target of the attack, or searching for vulnerabilities with simple random attacks, accounting for 42%. Next is "Bad user agent," an attack by bots using vulnerability scanning tools, etc., accounting for 17% of the total. In addition, attacks targeting the PHP testing framework "PHPUnit," which has not attracted attention until now, have been confirmed to continue to increase after increasing by 8.5 million in the second quarter of 2024.

■ The number of SQL injection attacks increased by approximately 140 million compared to FY2023

SQL injection is an attack in which malicious SQL statements are injected into websites or applications that dynamically generate SQL statements based on external input, resulting in unauthorized viewing, alteration, or deletion of database data. If this vulnerability is exploited, it could allow an attacker to manipulate the database, resulting in damage such as viewing, theft, alteration, or deletion of stored data.

In 2024, there were cases where companies that provide endpoint management tools were targeted by attacks. These solutions assist companies in managing IT assets and integrated management of endpoint devices, but there have been confirmed cases where unpatched vulnerabilities and improper settings were actually exploited, resulting in the theft of administrative privileges and malware infection. Therefore, if appropriate measures are not taken, you may be exposed to similar risks.

In addition, there are concerns that zero-day vulnerabilities will continue to be discovered and attacks that exploit existing vulnerabilities will continue, and damage is expected to spread further. Users must take thorough security measures, such as applying security updates promptly and disabling unnecessary functions according to vendor instructions.

■ The number of attacks targeting PHPUnit increased by approximately 60 million compared to fiscal 2023

PHPUnit is a unit testing framework for the PHP programming language. A vulnerability in PHPUnit could allow a remote attacker to execute arbitrary PHP code. This is a dangerous vulnerability that allows an attacker to perform a wide range of activities on the server via the PHP code.
Compared to January to December 2023, the number of detections has increased by approximately 60 million.

■ Comment from Cyber Security Cloud, Inc. Representative Director, CTO Yoji Watanabe
The recently released "Web Application Cyber Attack Detection Report" highlights the current state of cyber attacks we face. The data showing that approximately 3.3 million attacks were detected per day in 2024 alone shows the seriousness and increasing trend of attacks targeting web applications. The fact that it increased by 154% from the previous year highlights that cyber attacks are evolving and expanding in scale.

Additionally, while attacks against endpoint management tools have been gaining attention, we are also seeing an increase in attacks targeting vulnerabilities in the solutions companies use that can go beyond simple data theft and potentially disrupt an organization’s operations and damage its brand.

To deal with such threats, we strongly recommend that you regularly apply security patches and build a multi-layered defense system that includes a WAF (Web Application Firewall). It is also important to raise security awareness within your organization and develop a system that can quickly respond to changes in attack methods. We will continue to provide cutting-edge security solutions and help our customers create a safe IT environment.

(※2) "Top 10 Information Security Threats 2025" by the Information-Technology Promotion Agency (IPA): https://www.ipa.go.jp/security/10threats/10threats2025.html

About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo
Representative: Representative Director, President and CEO Toshihiro Koike
Established: August 2010
URL: https://www.cscloud.co.jp
With the mission of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that make full use of the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.