Barracuda Networks, a cloud-first security solutions provider, has released a new Threat Spotlight report highlighting the various methods attackers are using to steal valuable data by exploiting vulnerabilities and misconfigurations in web applications.
In 2023 alone, Barracuda mitigated over 18 billion attacks against applications. That includes an astonishing 1.716 billion attacks in December. The report highlights incidents related to web applications detected and prevented by Barracuda Application Security throughout the month. It focuses on attacks identified by the Open Worldwide Application Security Project (OWASP).
Web applications are computer programs that are accessed through a web browser and include productivity tools such as Microsoft 365 and Google Docs/Gmail. According to data from Verizon's Data Breach Investigations Report (DBIR), they were involved in 80% of security incidents and 60% of breaches reported in 2023, indicating they are a prime target for cyberattacks.
According to the Barracuda Threat Spotlight, the largest share of attacks against web applications targeted security misconfigurations, such as coding or implementation errors, accounting for 30% of all attacks. An additional 21% of attacks involved a technique called “code injection,” in which the attacker injects code for the application to execute. This includes not only SQL injection for the purpose of stealing, destroying, or modifying data, but also Log4Shell and LDAP injection. LDAP is often deployed for privilege management, such as supporting single sign-on (SSO) for applications.
The Threat Spotlight report also highlighted that bot attacks against web applications were widely used throughout 2023, with the majority (53%) being leveraged for mass distributed denial of service (DDoS) attacks. These attacks are based on brute force techniques that use IoT devices to bombard targets with data packets, consuming bandwidth and resources. They can also be used as a smokescreen for more insidious targeted attacks on the network.
“Web applications and APIs are a lucrative attack vector for cybercriminals, and attacks are on the rise,” commented Tushar Richabadas, principal product manager for application security at Barracuda. He emphasized how difficult it is for defenders to keep up with the ever-increasing number of vulnerabilities. Teams must address both old and new vulnerabilities across critical applications, including vulnerabilities in the software supply chain, as highlighted by the Log4Shell vulnerability.
“It's important to remember that attackers often attempt to break into unpatched applications and spread across networks by targeting old vulnerabilities that security teams have overlooked,” Richabadas warned.