There’s no doubt that the internet has become an indispensable component of modern life. Every minute, the world’s internet users send 197.6 million emails, spend 1.6 million dollars online, and download over 415,000 applications.
However, although our ever-increasing usage of the internet gives us limitless communication, learning, and technology options, it also exposes us to a plethora of web-based hazards.
We’ve compiled the most recent online security data from across the world to help you understand the scope and severity of the risks confronting your company. These figures are based on third-party surveys and publications. So, let’s get started.
What’s the frequency of web-based attacks?
According to Verizon’s recent analysis, web application attacks account for 26% of all breaches, making them the second most frequent attack pattern.
However, applications aren’t the sole source of risk on the internet. Global search traffic grew dramatically in 2020, with spikes occurring often during COVID-19 pandemic lockdowns.
Now, as the globe embraces virtual hangouts and movie streaming platforms for leisure, as well as video conferencing technologies to engage with coworkers remotely, these high levels of global internet usage show no signs of slowing down.
While the internet has helped many businesses maintain productivity as they transition to remote and, more recently, hybrid work, our reliance on it has made it a valuable target for attackers, who have concentrated their efforts on exploiting web weaknesses.
According to SiteLock, based on an examination of 7 million websites, websites are now subjected to an average of 94 attacks per day and are accessed by bots around 2,608 times each week. Cybercriminals use these bots to search websites for weaknesses and carry out simple attack patterns such as distributed denial of service (DDoS) and credential-stuffing attacks.
With so many bots charged with finding weaknesses, it comes as no surprise—though nonetheless unpleasant—that an estimated 12.8 million websites worldwide are infected with malware.
Web Application based URLs
The top ten countries hosting the majority of high-risk URLs, according to a recent analysis, are:
- South Korea
- The Netherlands
The high-risk URL categories in this research include botnets, keyloggers and monitoring, malware sites, phishing, proxy avoidance and anonymizers, spam, and spyware and adware.
The following are the top site categories that host malicious URLs:
- Adult (9.43% host a malicious URL)
- Entertainment (8.63%)
- Medicine (7.66%)
- Manufacturing (19.87%)
- Shareware/torrents (11.84%)
- Social networking (8.71%)
- URL link modifier (5.81%)
- Other (28.06%)
Financial Institutions Targeted by Web Attacks
In 2020, more than 736 million web attacks against financial institutions were registered, out of a total of 6.3 billion web attacks that year. Local file inclusion was the most common type of web attack, accounting for 52 percent of all attacks, followed by SQL injection, which accounted for 33 percent. Cross-site scripting accounted for 9 percent.
Malware is involved in more than 70% of all system intrusion breaches, and 32% of all malware is spread over the internet.
The following are the main dangers discovered on malware-infected websites:
- Phishing (7%)
- Defacement (6%)
- SEO spam (5%)
- Backdoor (65%)
- File hacker (48%)
- Malicious eval request (22%)
- Shell script (22%)
- Injector (21%)
- Cryptominer (<1%)
In addition to blocking malware-related requests, Akamai’s web security technology also blocked 6,258,597 phishing-related requests, and Akamai shared information about its own phishing experiences.
The platform, finance, global services, CIO office, online sales and marketing divisions, as well as their support, media, and carrier teams, were the most phished business units, according to the research. Although the number of phishing-related requests blocked is smaller than the number of malware-related requests blocked, Google Safe Browsing statistics reveal that there are roughly 75 times as many phishing sites on the internet as there are malware sites.
This emphasizes the magnitude of the threat posed by social engineering: social attacks, such as phishing, account for 25% of all breaches. Webmail and Software-as-a-Service (SaaS) users are the most frequent targets, according to a recent survey, accounting for 34.7% of all phishing attempts.
The frequency of business email compromise (BEC) attacks launched through free webmail providers increased by 11% in the previous year, from 61% to 72%, according to the same report. Gmail was used by over half of those who launched attacks.
Data Breaches from Phishing Attacks
90 percent of data breaches are triggered by phishing attacks, according to Cisco’s 2021 Cybersecurity Threat Trends research. Users are the weakest link in the security chain, so many attacks focus on them. Hackers target human emotions or ineptitude more frequently than system flaws, as evidenced by the popularity of social engineering approaches.
A data breach costs an average of $4.24 million. This number illustrates an ever-widening cost disparity between firms that use more modern security methods and those that don’t. This implies that the cost of a data breach is substantially lower for companies that have a formal security architecture in place, but it may be disastrous for those that do not.
According to the same survey, malicious attacks account for 52 percent of breaches, and these breaches cost an average of $4.27 million, which is more than the typical data breach. Because ransomware and destructive malware attacks destroy data, they cost more than the typical malicious attack. Malicious attacks that erase or destroy data cost an average of $4.52 million, while ransomware attacks cost an average of $4.44 million.
Web application security consists of a stack of attack surfaces and defensive mitigation mechanisms. Protecting web applications with a single approach or at a single tier of the stack is insufficient. Vulnerabilities in the platform or in protocols like TCP or HTTP can be just as damaging to an application’s security and availability as attacks on the application itself.
To achieve a favorable web application security posture, a whole stack of mitigating measures is required. It’s worth noting that a holistic strategy requires coordination across the network, security, operations, and development teams, since each has a role to play in safeguarding applications and their crucial data.