What Kind of Cyberattack Spikes Before a World Event?
New CSC Cyberattack Detection Report, capturing over 200 million attacks from January to June 2021 in Japan, reveals SQL injections spiking before the Olympics, with implications for global events
TOKYO – August 24, 2021 – Cyber Security Cloud, Inc. (CSC), the world’s leading innovator in cyber threat intelligence and AI-driven web security, today announced trends revealed in its Cyberattack Detection Report covering January 1, 2021 to June 30, 2021. Compared with data from the same period in 2020 for more than 10 types of documented cyberattacks, the 2021 report shows an overall increase in web scans and SQL injections in Japan — the latter sharply spiking as final preparations for the summer Olympics geared up in Tokyo.
“It’s important to learn from this spike in SQL injections prior to the Olympics, as every business, government and social sector in Japan was spinning up for the global spotlight,” said Toshihiro Koike, CEO of CSC. “This data points to a trend of increasing cyberattacks before any sort of global event. Organizations in the U.S., for example, should prepare for an increase in cyberattacks as the Super Bowl approaches by implementing tools like WafCharm. That can prevent SQL injections and provide protection against the OWASP 10, the most critical security risks to web applications.”
Scale and Types of Attacks Serve as Warning for Businesses Around the World
Cyberattacks analyzed in this report and detected by CSC’s services totaled 204,972,557 between January and June 2021, primarily in Japan’s markets. This means that, on average, more than 100 cyberattacks were detected every 10 seconds. CSC calculated the data by aggregating the attack logs observed by its services Shadankun, a cloud-based WAF (web application firewall) that visualizes and blocks cyberattacks on websites, and WafCharm, an AI-driven service for automation of AWS WAF and Azure WAF operations.
The report classified multiple types of cyberattacks including: blacklisted user agent attacks, web attacks, web scans, SQL injections, brute force attacks, traversal attacks, cross-site scripting (XSS), DoS attacks, spam mail and others. “Our data shows that cyberattacks are increasing every day and many types of attacks are becoming more sophisticated,” added Koike. “It’s critical for companies and individuals to take serious cybersecurity measures in order to prevent damage to their systems, revenue, reputation and business value. Companies that do not have sufficient countermeasures are more likely to be targeted by hackers, and it’s more likely that they will be attacked more intensively.”
Blacklisted user agents, which attack with bots using vulnerability scanning tools, numbered about 80 million and made up the largest share of the total number of cyberattacks, at 39%. Next, about 48 million web attacks (those exploiting vulnerabilities in the software that makes up web servers) accounted for 24% of the total. There were about 30 million web scan attacks, or 15% of the total, and SQL injection attacks ranked fourth at about 15 million, almost 7.5% of the total. The number of SQL injection attacks was notably higher than last year’s figure, but most striking was the sustained spike through much of June. Brute force attacks, which attempt to break through defenses by trying all theoretically possible patterns for encryption and PINs, ranked fifth in the report with about 11 million cases, accounting for 5% of the total number of attacks.
SQL Injection and WordPress Plugin Vulnerabilities are Especially Noteworthy
SQL injection is a web security risk where an attacker interferes with the queries that an application makes to its database, tricking the interpreter into executing hostile commands. When a SQL injection attack occurs, personal account and credit card information can be leaked and routed to a fraudulent website. In Japan, a large-scale personal information leakage incident stemming from SQL injection attacks occurred in June 2021. In light of the report data, Koike recommends using a WAF and regularly strengthening measures like vulnerability diagnoses to combat this kind of insidious attack.
The report also revealed noteworthy issues with WordPress plugins. The number of attacks per day targeting vulnerabilities in various plugins that extend WordPress functionality jumped significantly in the first half of May, settled down, then increased sharply again in the first half of June. The data indicates that the likely cause is a PHPMailer vulnerability that surfaced with WordPress version 5.7.2, released on May 13. Because WordPress is a website tool used widely across the world, it’s important for small businesses and individuals to protect against plugin vulnerabilities.
About Cyber Security Cloud Inc. (CSC)
Cyber Security Cloud’s mission is to create a secure cyberspace that people everywhere can use safely. In more than 70 countries, CSC provides web application security services that leverage the most effective cyber threat intelligence and AI-driven security technology available. As one of the very few Amazon Web Services (AWS) WAF Managed Rules Sellers in the world certified by AWS — the cloud giant that holds almost half of the global cloud market share — CSC uniquely optimizes and automates rules best suited to each customer’s AWS deployments as new cyber threats emerge. Leading cybersecurity improvements worldwide, CSC continues to develop and refine award-winning technologies and security solutions that contribute to the information revolution.
To learn more, please visit https://www.cscloud.co.jp/en/.