Malicious Web Application Transactions Surge by 500%

Morgan Phisher December 6, 2023

Hey there, Bay Area pals! I’ve been knee-deep in this recent report by Radware, a cybersecurity heavyweight, and let me tell you, things are shifting in the cyber threat landscape, and we ought to pay attention. You know how we’re always on the lookout for the newest trends and patterns around here, right? Well, today, we’re diving into the intricacies of denial-of-service (DoS) attacks.

So, here’s the lowdown. More and more mischievous hackers are climbing up the network stack to target online apps, APIs, and crucial infrastructure. Forget about compromised IoT devices. These bad actors are diving headfirst into cloud-based operations for more control, more impact, and, unfortunately for us, more scale.

Now, picture this: the very nature of DoS attacks is flipping on its head. Tactics, vectors, size, complexity, even who’s behind these offenses, are all morphing in unprecedented ways. We’ve had a 500% jump in malicious web application transactions in the first half of 2023 compared to the same time in 2022. The total number of DDoS events, however, has declined by 33%.

From where I’m standing, DNS Flood vector attacks are an area of concern. They’ve nearly doubled compared to what we were seeing throughout 2021 and most of 2022. Plus, the sheer complexity of attacks is moving in lockstep with their size. The bigger the attack, the more complex it is.

Remember Telegram, the public messaging app? It turns out a lot of hackers, particularly hacktivist groups, are pretty active on there. These hacktivist groups are fueling the rise in layer 7 attacks.

And guess who’s caught in the crossfire more often than not? Us, organizations all across the globe. Hacktivists strike a patriotic chord with volunteers, arm them with botnets, attack tools, and even tutorials on how to execute an attack. Pretty organized, huh?

Here’s something that might surprise you. DDoS campaigns are increasingly serving as political and religious warfare. And the top targets? India, then the United States, Israel, Ukraine, and Poland.

Don’t sigh in relief just yet. When it comes to the sectors they hit, well, government, business, and travel bear the brunt of these attacks, with health and medicine not too far behind.

What about the geographical distribution of these DDoS attacks? EMEA (Europe, Middle East & Africa) is getting the brunt of the action, followed by the Americas. Though the Americas are blocking fewer attacks, they’re still dealing with nearly the same attack volume as EMEA. We’re all on this rollercoaster ride together, folks.

Peek into sectors, and we see research and education facing the most DDoS attack volume, followed by service providers and tech companies. Back here at home in the Americas, most of the volume is targeted towards service providers and research and education sectors, with healthcare and energy next in line.

In alarmingly predictable fashion, we’ve seen a shift in DDoS attack patterns as they gradually ascend to layer 7. This is evident from the steep rise in malicious web application transactions, up by 500% in the first half of 2023 compared to the same period in 2022.

The most common violation? Predictable resource location attacks. Scary stuff, huh? The big losers in this rumble? The retail industry, carriers, and SaaS providers.

So, yeah, the wild, wild web’s landscape is reshaping. But hey! We’re intelligent people, right? We’ve got this. Let’s stay woke and alert, and step up our game to keep our digital spaces safe and secure.

by Morgan Phisher | HEAL Security