ChannelLife Australia
Industry insider news for Australia's technology resellers

Malicious web application attacks climb 88% - report

By Shannon Williams
Tue 15 Mar 2022

Malicious web application attacks have climbed 88%, according to a new report. 

Cyber security and application delivery solutions provider Radware has released its 2021-2022 Global Threat Analysis Report.

The report findings underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020.

The unprecedented increase in web application attacks did not, however, prevent DDoS from making a name for itself in 2021. The report details how last year saw multiple record-breaking DDoS attacks and ransom denial-of-service (RDoS) earn its place in the threat landscape. At the same time that big attacks were making headlines, the volume of micro floods, attacks which often go undetected, rose nearly 80% compared to 2020.

"The statistics tell a story about bad actors. They are getting smarter, more organised, and more targeted in pursuing their objectives whether that be for money, fame, or a political cause," says Pascal Geenens, director of threat intelligence for Radware.

"In addition, cybercriminals are shifting their attack patterns from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns," he says.

"Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline, something that we have not seen before."

Radware's 2021-2022 Global Threat Analysis Report reviews the most important cyber security events in 2021 and provides detailed insights into DDoS and web application attack developments as well as unsolicited network scanning trends. 

Key takeaways from the report include:

Cloud-Scale DDoS Attacks are in the Forecast
As more businesses migrate critical resources and applications to the public cloud, attackers are adapting their tactics and techniques to match the scale of public cloud providers. While enterprises should not be immediately alarmed by reports of huge attacks, they do need to be aware that DDoS attacks are a part of their threat landscape, irrespective of their geography or industry. Companies hosting services in the public cloud need to be prepared for cloud-scale attacks.

Ransom DoS (RDoS) Gangs Take Charge
In 2020, there was an uptick in DDoS attacks against organisations that did not pay a ransom demand on time. In 2021, RDoS confirmed its pervasive presence in the DDoS threat landscape with several campaigns. This included attacks targeting VoIP providers worldwide, which sparked concern for critical infrastructure.

Ransomware Operators Turn to Triple Extortion
In 2021, more sophisticated and better organised operators advanced their tactics, adding more extortion capabilities to their arsenal. To bring reluctant victims back to the negotiating table, they launched triple extortion campaigns by combining not only cryptolocking and data leaks, but also DDoS attacks. As a result, the flourishing underground economy supported by ransomware operators is seeing a new demand for DDoS-for-hire services.

Micro Floods Make a Big Showing
While the number of large attack vectors (above 10Gbps) declined 5% between 2020 and 2021, micro floods (less than 1Gbps) and application-level attacks rose nearly 80%. By shrewdly combining a large number of micro floods over longer periods of time, attackers put organisations at greater risk of having to constantly increase infrastructure resources, such as bandwidth and network and server processing, until the service becomes cost prohibitive.

Other key results from the 2021-2022 Global Threat Analysis Report include:

DDoS Attacks
In 2021, the number of malicious DDoS events increased by 37% per customer compared to 2020. Europe, the Middle East, and Africa (EMEA) and the Americas each accounted for 40% of the attack volume in 2021, while the Asia Pacific region accounted for 20%.
Average DDoS attack volumes per customer grew by 26% in 2021 compared to 2020.

The top attacked industries in 2021 were gaming and retail, each accounting for 22% of the attack volume on a normalised basis. These two industries were followed by the government (13%), healthcare (12%), technology (9%), and finance (6%).

Web Application Attacks
The number of malicious web application requests grew 88% from 2020 to 2021. Broken access control and injection attacks represented more than 75% of web application attacks.

The most attacked industries in 2021 were banking and finance, along with SaaS providers, together accounting for more than 28% of web application attacks. Retail and high-tech industries ranked third and fourth, each with almost 12% of the web security events, followed by manufacturing (9%), government (6%), carriers (6%), and transportation (5%).
