/dqc/media/agency_attachments/3bO5lX4bneNNijz3HbB7.jpg)
Follow Us/dqc/media/post_banners/wp-content/uploads/2022/01/istockphoto-1061357610-170667a.jpg)
Indusface, a TCGF II (Tata Capital) funded, rapidly growing Application Security SaaS company, recently released its State of Application Security Q1, (Jan – March) 2023 Report. The report indicates how the Indusface AppTrana network blocked over 500 million cyberattacks in India out of 1 billion global attacks. This represents a sharp increase of over 29% in the number of cyberattacks in Q1, 2023 compared to Q4, 2022 (829 million attacks), globally.
The report reveals that on average the BFSI sector faces 38% more cyberattacks per application compared to the industry average, with over 973K attacks per website.
It was particularly alarming for the Indian insurance sector, where we found that 11% of all requests on insurance websites are attacked and this number is just 4% as an industry average.
As an industry, the insurance sector looks to be more lucrative and therefore, instead of using DDoS to get ransom, 99% of attacks are vulnerability attacks such as SQLi, XSS and probe attacks using botnets.
Despite finding 24,000+ critical, medium and high vulnerabilities during the period, and more than 31% of these had remained open for over 6 months, security leaders are able to thwart attacks using virtual patching.
While this gives comfort to security leaders, in Q1 2023 1287 applications were attacked by bots versus 743 applications in Q4 2022, an increase of 73%. Even in that, when compared to the industry average, BFS and insurance companies receive 75% and 33% more bot attacks respectively. Our hypothesis is that hackers are actively running probes using botnets to find vulnerabilities and then attack.
Commenting on the report, Ashish Tandon, CEO of Indusface said, "It is interesting to see how industries such as BFSI and Healthcare are more targeted by vulnerability and bot attacks. Clearly, attackers are more interested in Personally Identifiable Information (PII) from these sectors. That said, other industries including SaaS and manufacturing are more targeted by DDoS attacks. Possibly application availability is a bigger challenge for these sectors. Also, compute power is extremely cheap to hire and this makes launching DDoS attacks extremely easy.” Ashish further added “A complete WAAP product like AppTrana that bundles VAPT, DDoS & Bot protection, a 24-hour virtual patching guarantee for critical vulnerabilities is the need of the hour.”.
A positive side of the current scenario is that 68% of the attacks were blocked by using AppTrana’s core rules set, and 32% were blocked using custom rules. This is clear proof that managed services and custom rules are critical for security teams globally.