- Best Black Friday TV deals 2024: 75+ expert-selected deals on QLED, OLED, & more
- Shopping for your kids this Black Friday? This is the best kids' device of 2024
- Australia Passes Groundbreaking Cyber Security Law
- Cisco, NTT partner to simplify private 5G connectivity
- I gave away my Kindle and iPad within hours of testing this tablet - and it's up to $180 off
Automated Tools Increasingly Used to Launch Cyber-Attacks
Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis by Barracuda Networks.
In its new report, Threat Spotlight: Automated attacks on web applications, the cybersecurity firm revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools.
The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.
Fake bots also represented 12% of the total number of attacks blocked by Barracuda. These are automated attacks that pretend to be a Google bot or similar. Making up the top five web application attacks were application DDoS (9%) and bots blocked by site admins (2%).
While bot traffic is growing, the researchers noted that more traditional web app attacks, such as injection attacks and cross site scripting (1%), remained prevalent.
Tushar Richabadas, senior product marketing manager at Barracuda Networks, commented: “Automated attacks can overwhelm or infiltrate web applications, and defending against all the varieties of automated attacks can be daunting.
“The good news is that multi-purpose solutions are consolidating into Web Application Firewall and WAF-as-a-Service solutions, also known as Web Application and API Protection services (WAAP). Thus, organizations looking to bolster their defenses against this growing threat should look for a WAAP solution that includes bot mitigation, DDoS protection, API security and credential stuffing protection, as a minimum, and also make sure it is properly configured.
“It is also important to stay informed about current threats and how they are evolving, so that your business can be defended against them. Over the coming year, we can expect automated bot attacks, attacks against APIs and attacks against software supply chains to develop in quantity and sophistication, especially as these newer attacks have fewer protections and defenses blocking them.”