Cybercrime is big business, and scammers are increasingly turning to bots and automation to make their attacks more efficient and effective and help them avoid detection, according to new research from Barracuda, a trusted partner and leading provider of cloud-enabled security solutions.
In December 2020, Barracuda researchers analysed a sample of two months of global data on web application attacks blocked by Barracuda systems, uncovering a massive number of automated attacks around the world, including Asia-Pacific.
Automated attacks use bots to try to exploit vulnerabilities in web applications. These attacks can range from fake bots posing as Google bots to avoid detection to application DDoS trying to crash a site by subtly overloading the application.
According to the research, fuzzing attacks, which use automation to break into applications, accounted for nearly 20% of attacks, followed by Injection attacks at 12%, which sees hackers using automated tools like sqlmap to access applications. This came in tied with bots pretending to be a Google bot or similar, also at 12%. In fourth place was Application DDoS (distributed denial of service) attacks, which made up more than 9% of the sample across all geographies, followed by bots blocked by site admins, which accounted for just under 2%.
These kinds of attacks are often used to retrieve sensitive data, and Barracuda researchers noted an overwhelming number of exfiltration attempts focused on stealing credit card numbers, with Visa being the clear focus, accounting for more than three-quarters of these attacks.
“Automated tools continue to advance in their level of sophistication, allowing even the most unsophisticated hacker with a convenient way to successfully steal valuable data from unsuspecting users, said Mark Lukie, Engineer Manager, Barracuda, Asia-Pacific.
“Our research shows that these attacks can take many forms, making it crucial to invest in a cloud-based solution which offers total application security to find and remediate vulnerabilities automatically. This, coupled with the right cyber awareness training for your team, will give you the best possible chance of staying protected against these evolving threats,” he said.