Top 5 Web Attack Trends Post-COVID
It’s been nearly half a year since the COVID-19 outbreak became a global pandemic. Many countries are left with no choice but to implement temporary lockdowns and necessary social distancing measures to flatten the curve of the spread and protect their citizens. This contactless lifestyle has not only changed our offline way of life, but also our behaviors online.
According to an analysis of internet usage conducted by the New York Times, there has been a significant surge in website traffic since the beginning of social distancing. Among them, social media and media streaming services like Facebook, YouTube, and Netflix have seen significant increases in the number of visitors. However, compared to website traffic, traffic to mobile apps has been relatively steady, since most people are accessing these services at home with their PCs readily available.
The overall increase in website traffic means opportunities for cybercriminals. The more traffic a website receives, the greater the leverage for hackers. By analyzing major cybersecurity incidents during the past six months, we found five web attack trends that are likely here to stay for a while.
1. Highly sophisticated email phishing attacks
Despite being one of the most old-fashioned attack methods, we have seen significant growth in the number of reported phishing attacks since the beginning of the COVID-19 outbreak. Phishing campaigns tend to exploit people’s fear and desperation over certain economic and social issues. Thus, COVID-19 has become the perfect theme for phishing.
Email phishing is used by threat actors for a variety of purposes. Most commonly, attackers embed malware in links or downloadable files to get into the victim’s computer. The malware can then help the attacker gain access to database servers, allowing them to view, exfiltrate, or encrypt the data (in the case of ransomware).
With an increased number of remote workers, corporate email accounts have become the main target of phishing. Home networks lack proper security measures, making intrusion easier. When the employee connects to the corporate network at a later time, attackers could easily gain entry into the corporate IT system.
2. Denial-of-service attacks from increasingly distributed botnets
Perhaps due to the rise of remote workers and sophisticated email phishing, botnets have become increasingly distributed, spanning huge numbers of home and public IP addresses, making them extremely difficult to detect.
These botnets are then used to launch distributed denial-of-service (DDoS) attacks, forcing websites to shut down by flooding them with tremendous traffic. International organizations, government agencies, and healthcare providers have become some of the main targets of DDoS attacks during this pandemic. Oftentimes, DDoS attacks are initiated for political and social gains.
3. Increased attacks on industries facing offline-online transition
Unanticipated social distancing has caught many industries off-guard. From governments and healthcare providers to schools and retail shops, all are desperately moving their services online. Compared to offline services, online services are more automated and thus require the storage and usage of detailed customer information, preferences, and history.
In a short period of time, organizations need to expand server storage, transfer databases, and upgrade their IT infrastructure. During this transition process, web applications tend to be less prepared and IT systems tend to be more vulnerable to external threats. Web attacks like cross-site scripting (XSS) and SQL injection can exploit these weaknesses, granting attackers access to the web hosting servers.
4. Surge in Magecart attacks on online retailers
With everyone avoiding crowded places like shopping centers and grocery stores, online shopping has become the standard way to shop. Not only are offline businesses moving online, but existing online retailers are also seeing remarkable growth in sales.
As such, businesses with newly adopted online shopping platforms and those with outdated and unpatched websites are all vulnerable to Magecart attacks. These are attacks that inject payment card skimmers into online payment forms to secretly collect customers’ personal and financial information, which would then be sold or used to make fraudulent purchases.
As the volume of online sales continues to grow, Magecart attacks are likely to escalate.
5. Credential cracking and account takeover (ATO) attacks
Commonly known as a brute force attack, credential cracking is when attackers deploy bots to try tremendous numbers of username-password combinations in an effort to break into user accounts. Sophisticated bots are equipped with machine learning capabilities to break through multi-factor authentication and even solve CAPTCHAs. Many of these attacks target online shopping platforms as they tend to contain detailed customer information.
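The following added example (not from the original article) ties this section to the distributed botnets of section 2: when each login attempt comes from a different home or public IP address, a per-IP failure threshold sees nothing, while counting failures per account inside a sliding window still catches the attack. The log format, the thresholds, and all addresses (documentation ranges) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"(\S+) LOGIN_(OK|FAIL) user=(\S+) ip=(\S+)")

def build_sample_log():
    """Constructed log: 12 failures against 'alice', each from a different
    address (documentation range), plus one ordinary user mistyping twice."""
    start = datetime(2020, 8, 1, 10, 0, 0)
    lines = [f"{(start + timedelta(seconds=5 * i)).isoformat()} "
             f"LOGIN_FAIL user=alice ip=203.0.113.{i + 1}" for i in range(12)]
    lines += ["2020-08-01T10:00:07 LOGIN_FAIL user=bob ip=198.51.100.7",
              "2020-08-01T10:00:20 LOGIN_FAIL user=bob ip=198.51.100.7",
              "2020-08-01T10:00:31 LOGIN_OK user=bob ip=198.51.100.7"]
    return lines

def parse(lines):
    """Return (timestamp, outcome, user, ip) tuples sorted by time."""
    events = []
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m:
            events.append((datetime.fromisoformat(m[1]), m[2], m[3], m[4]))
    return sorted(events)

def noisy_keys(events, key_index, max_fails=5, window=timedelta(minutes=5)):
    """Map each key (user or ip) that exceeds max_fails failures inside the
    window to the number of distinct source addresses seen in that window."""
    recent = defaultdict(deque)
    flagged = {}
    for event in events:
        ts, outcome = event[0], event[1]
        if outcome != "FAIL":
            continue
        q = recent[event[key_index]]
        q.append((ts, event[3]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_fails:
            flagged[event[key_index]] = len({ip for _, ip in q})
    return flagged

def detect(lines):
    events = parse(lines)
    return {"by_ip": noisy_keys(events, 3), "by_account": noisy_keys(events, 2)}

if __name__ == "__main__":
    print(detect(build_sample_log()))
```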
WAPPLES, a web protection authority
Despite a slowing economy during the pandemic, cybercrime activities are soaring. Modern threat actors are extremely sophisticated and their attack patterns are getting better at dodging security measures. Smart attacks can only be mitigated by smart defense. This is why machine learning technology is necessary to effectively detect and eliminate these threats.
WAPPLES is a logical web application firewall powered by COCEP™, an AI-based intrusion detection engine equipped with machine learning technology.
By analyzing HTTP and HTTPS traffic, WAPPLES is capable of detecting botnets hidden under high-quality home and public IP addresses, protecting web applications from DDoS attacks. By automatically updating its signature list based on machine learning, suspicious activities can be detected and stopped with low false-positive rates.
WAPPLES protects websites from all the new attack trends, eliminating any opportunities for cross-site scripting (XSS), SQL injection, Magecart-style skimmers, and brute force attacks.