India 7th Most Targeted Country for Web Application Attacks in the World: Report
The United States topped the list of target countries for web application attacks in the fourth quarter of 2017, according to a report by Akamai Technologies.
India was the seventh most targeted country for web application attacks in the fourth quarter of 2017, according to a report released on Feb. 20 by content delivery network services Akamai Technologies.
The report, titled Fourth Quarter, 2017 State of the Internet / Security Report, placed the United States at the top on the list of the target countries for web application attacks in the last quarter of 2017, with a count of 238,643,360 incidents. Brazil followed with 21,900,411 attacks, while United Kingdom, with 19,385,710 attacks, was ranked third. Canada came next with 17,459,934 attacks.
India witnessed 11,546,530 incidents of web application attacks, ahead of Japan (10,510,981), and Australia (9,758,428).
The data analyzed more than 7.3 trillion bot requests per month and found a sharp increase in the threat of credential abuse, with more than 40 percent of login attempts being malicious. It also indicated that Distributed Denial of Service (DDoS) attacks remain a consistent threat and the Mirai botnet, which is a self-propagating botnet virus, is still capable of strong bursts of activity.
“A key motive of attackers has always been financial profit. In the past few years, we have seen adversaries move to more direct methods to achieve that goal such as ransomware,” Martin McKeay, Akamai’s senior security advocate and senior editor of the report, said. He added that crypto mining gives attackers the most direct path to monetize efforts by putting money immediately into their cryptowallets.
“Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots. Not all web traffic and not all bots are created equal,” McKeay said.
India was also ranked seventh in the list of source countries for web application attacks in Q4 of 2017, with the number of attacks sourced from the country recorded at 16,489,773. The United States topped this list, with 128,013,378 attacks sourced from the country, followed by the Netherlands with 47,433,432 attacks.
McKeay added that increased automation and data mining have caused a massive flood of bot traffic to impact websites and internet services. “Although most of that traffic is useful for internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains,” he said.
According to the report, on a typical day, Akamai monitors more than 2,750 bot requests per second, accounting for more than 30 percent of all pure web traffic, excluding video streaming, across its platform. While much of that bot activity is legitimate, cybercriminals are increasingly leveraging it for malicious use.
Retail organizations saw a total of 2.8 billion login attempts, of which 36 per cent were considered to be malicious. “Compared to the cross-industry average of 43 per cent, retail received relatively few attacks. High tech companies saw 1.4 billion total login attempts, of which 57 per cent were deemed malicious. But the far and away winner (or loser) in this category was the hospitality industry,” said the report.
The hotel and travel industry saw 1.2 billion login attempts in November 2017, and 968 million were malicious attempts, according to Akamai. This meant that 82 per cent of login attempts at these sites, or more than four out of every five, were malicious, revealed the report.
Credential abuse, the report warned, whether by brute-force guessing or through the use of illegally acquired username and password lists, is not a problem that will disappear on its own. It raised an alarm bell regarding people constantly reusing passwords and several companies not monitoring the logins sufficiently.