Attacks on web applications can lead to a crappy Christmas


  • Web application attacks on UK businesses have jumped 251% since October 2019
  • Imperva has found that attacks increase an average of 22% per quarter
  • The pandemic has placed a huge urgency on businesses to implement all kinds of digital transformation projects as quickly as possible.

Web applications and mobile applications are now an integral part of modern society. Almost all businesses rely on apps to connect with their customers and better understand their needs.

As app addiction has grown, the reality is that cybercriminals are also targeting web and mobile apps to launch cyber attacks against users and organizations. Such attacks have increased around the world and are expected to continue throughout the holiday season, especially with everyone using apps.

According to Imperva research, web application attacks against UK businesses have jumped 251% since October 2019. More alarmingly, Imperva found that attacks were increasing by an average of 22% per quarter, with a 68% increase from Q2 to Q3 2021, showing how web application attacks continue to skyrocket as Christmas approaches.

As such, organizations and consumers alike risk suffering from a “crappy” Christmas. For businesses, the increase in these attacks means that organizations are at increased risk of experiencing data leaks or data scraping incidents, in which sensitive customer data is placed in the hands of attackers.

All is not “shit”

The problem with apps, whether web or mobile, is that consumers and businesses depend on them today. This dependency makes it more difficult to secure applications as businesses continue to add new functionality to their applications.

At the same time, almost all applications today require users to enter data. Whether it’s personal data or payment information, cybercriminals want that data. And they have been successful in obtaining it in the past.

One example is Remote Code Execution (RCE) or Remote File Inclusion (RFI) attacks, which have jumped 271%. RCE / RFI attacks target corporate websites and servers, and are used by hackers to steal information, compromise servers, and even take over websites and modify their content.

Earlier this year, Imperva Research Labs found that half (50%) of all data breaches start with web applications. With the number of breaches increasing by 30% per year and the number of stolen records increasing by 224%, it is estimated that 40 billion records will be compromised by the end of 2021, with vulnerabilities in web applications likely to be responsible for around 20 billion.

The biggest pitfall is that when applications are compromised, the company’s reputation is also at stake. Many organizations have been criticized and have suffered huge losses when their applications were taken offline.

Dependence on web and mobile applications

According to Peter Klimek, chief technology officer at Imperva, the pandemic has placed an immense urgency on companies to implement all kinds of digital transformation projects as quickly as possible, and this is almost certainly a determining factor in this upsurge in attacks.

“The changing nature of application development itself is also extremely important. Developments such as the rapid proliferation of APIs and the move to cloud-native computing are beneficial from a DevOps perspective, but for security teams, these changes in application architecture and the increased attack surface that accompanies them make their job much, much more difficult,” added Klimek.

Losses from fraud and cybercrime spiraled out of control during the pandemic, with the National Fraud Intelligence Bureau estimating around £1.3bn was lost in the first half of 2021 alone, more than three times the amount lost over the same period in 2020. These numbers suggest the problem will continue to worsen throughout 2022.

Klimek pointed out that businesses are seeing more traffic through their web applications than ever before, especially APIs.

“Over 70% of web traffic now goes through APIs, which means business exposure is only increasing. It’s no longer enough to have a WAF in place and hope for the best – businesses need to invest in a comprehensive Web Application and API Protection (WAAP) stack that includes things like RASP and Advanced Bot Protection, to secure everything from the edge to the database,” he explained.

