Alarming Rise In Cyber Threats Targeting Indian Websites, APIs: Indusface Report
The banking, financial services and insurance sectors witnessed 45–60% higher bot attacks.
There has been a 115% surge in cyber threats targeting Indian websites and application programming interfaces in April–June 2024, according to the State of Application Security Report by Indusface, an application security SaaS company.
The company's AppTrana WAAP platform blocked over 2.37 billion threats during this period. On average, 9.6 lakh attacks were blocked per website, the report showed.
Bot attacks rose by 213% in Q2 2024 compared to a year earlier, with over 276 million incidents recorded. Distributed denial-of-service attacks also surged, totalling 835 million and affecting 60% of all sites monitored. In total, six out of 10 sites witnessed a DDoS attack, whereas nine out of 10 sites experienced a bot attack.
Power and energy companies faced up to 25 times more attacks than the industry average, likely because non-regulated industries with less stringent security requirements are soft targets for hackers, the report noted.
The banking, financial services and insurance sectors witnessed 45–60% higher bot attacks. Around 90% of the BFSI sites and all healthcare sites were targeted by bad bots that are typically used for account takeover, card cracking, skimming and other attacks.
SQL injection attacks were the top vulnerability in the BFSI, healthcare and retail sectors, underlining the importance of protecting customer data, including personally identifiable information and credit card information. Additionally, the manufacturing industry faced 10 times higher cross-site scripting attacks than other sectors.
The report revealed a staggering 1,200% increase in attacks targeting vulnerabilities, driven by the proliferation of cyber exploitation tools. The accessibility of technologies like large language models has lowered the barrier for hackers, significantly intensifying the threat landscape. A total of 25,000 critical and high vulnerabilities were found, with 31% of these vulnerabilities open for over 180 days.
“Attacks exploiting known vulnerabilities have surged by 1,200%, and bot attacks have risen by 200%. This increase could be attributed to the widespread adoption of large language models, particularly among less-experienced hackers," Ashish Tandon, chief executive officer of Indusface, said.
Small and medium businesses globally faced over 559 million attacks. DDoS was the number one attack vector, with each website/app seeing 124% more DDoS attacks compared to enterprise apps. This could be because DDoS attack monitoring requires either a managed WAAP or specialised, 24/7 security operations centres, which SMBs can't afford.
"Advanced bots are increasingly targeting enterprise applications, while SMBs are facing a rise in DDoS attacks. Blocking sophisticated bots remains challenging even for enterprises with robust security tools and dedicated teams, while SMBs often lack the budget for effective managed solutions to combat DDoS attacks," Tandon said.
The report indicated the need for robust, managed security solutions. Of the total attacks, 59% were mitigated using application-specific security policies. The remaining 41% were shielded by out-of-the-box security policies.