Cyber Security Cloud, Inc. released its cyber-attack detection report for the first half of 2020 (January 1 to June 30, 2020). This data was analyzed and calculated by aggregating the attack logs observed by CSC's services, "Shadankun", a cloud-based WAF that visualizes and blocks cyber-attacks on websites, and "WafCharm", a service for automation of AWS WAF operations using AI.
■ Research Overview
・Period: January 1, 2020 to June 30, 2020
・Target: User accounts using "Shadankun" and "WafCharm"
・Method: Analysis of attack logs observed by "Shadankun" and "WafCharm"
■ Attack situation
[Total number of attacks]
During this period, the total number of cyber-attacks detected on websites with "Shadankun" or "WafCharm" amounted to 147,762,255 attacks. Among them, May was the most heavily affected month, with 29,039,856 attacks detected.
[No. of attacks per day before and after the declaration of the state of emergency]
Furthermore, based on a comparison of the average number of attacks per day before and after the declaration of the state of emergency in Japan, CSC found that during the period from April 7th to May 25th, 909,158 attacks were detected, which is 19% more than the number before the declaration was issued. Also, after the emergency declaration was lifted, the number of attacks decreased but increased by about 6 percent compared to the number before the declaration was issued.
During the period, of the 10 main types of attacks, "Blacklisted user agent," an attack by a bot using a vulnerability scanning tool, accounted for 59,979,416 attacks, or 40.6% of the total. "Web attacks," which are attacks against vulnerabilities in the software that makes up a web server, accounted for 37,587,944 (25.4%), followed by "web scan," a method of searching and investigating the target of an attack or looking for vulnerabilities through a simple random attack, accounted for 14,300,917 (9.7%) of the total. Compared to the number of attacks for the same period in the previous year, the number of blacklisted user agents and web scans increased by a factor of 1.5 times and 1.1 times, respectively, while the number of web attacks increased by more than three times.
Furthermore, while "web attacks" accounted for about 18.9% of all attacks between January 1 and 31, 2020, they increased to 29.8% between May 1 and 30, 2020, and its threat increased with the spread of the new coronavirus.
※About Blacklisted User Agent
The "Blacklisted User Agent" detects attacks by Bot using vulnerability scanning tools, such as ZmEu, Nikto, Morfeus, etc.
※About Web Attack
A "Web attack" is an attack detected against a vulnerability in the software that makes up a Web server.
■ Comment from Mr. Yoji Watanabe, CTO of Cyber Security Cloud, Inc.
Looking back at the first half of 2020, Microsoft's Internet Explorer in the United States made headlines in January 2020 when it announced that it had been hit by a zero-day attack. A zero-day attack is an attack that exploits a vulnerability for which there is no fix, and therefore it is also a very difficult attack to detect. That's why even Internet Explorer, which is provided by Microsoft, a major company, has been affected by these attacks. Thus, cyber-attacks are becoming more sophisticated all the time, and companies need to constantly update their countermeasures.
According to our research, the number of cyber-attacks increased during the period when the state of emergency was declared in Japan due to the new coronavirus, with a sharp increase in "web attacks". It is highly likely that attacks increased during this period due to the increased adoption of telework in enterprises and the Golden Week holiday.
With the summer vacation and other long holidays approaching, there is growing concern about the spread of coronavirus infection, and it will be even more important to strengthen measures against such attacks.
The objectives and methods of cyber attacks are diversifying, and they are always on the lookout for the right moment to attack. Regardless of the size of the company, organizations with websites are increasingly aware of the importance of countermeasures against these cyber attacks.
■ About Shadankun
Cloud-based WAF "Shadankun" is a web security service that detects and blocks cyber-attacks on websites and web servers. Utilizing Cyneural, an attack detection AI engine using deep learning, it detects general attacks as well as unknown attacks and false-positives at high speeds, while Cyhorus, one of the world's leading threat intelligence teams, quickly responds to the latest threats. Also, it has been ranked No. 1 in Japan in terms of adoption rate. *1
For more information, please visit https://www.shadan-kun.com/
■ About WafCharm
WafCharm is an AI-based automatic rule (signature) management service for AWS WAF, which has the largest number of installed users in Japan*2. It is equipped with an AI engine "WRAO" *3(Patent No. 6375047) that automatically selects the most optimal WAF rules using machine learning, based on trillions of Big Data cultivated through in-house developed cloud-based WAF “Shadankun”, which has No. 1 adoption rate in Japan. *1
The cyber threat information monitoring team of security researchers "Cyhorus" responds quickly to the latest threats, and by offering individual customization by top-class security engineers with flexible services tailored to the needs of customers, WafCharm has made AWS WAF operations easier for users. It is available to over 1 million AWS users in over 190 countries.
For more information, please visit https://www.wafcharm.com/en/
■ About Cyber Security Cloud, Inc.
With an aim to create a secure cyberspace that people around the world can use safely, Cyber Security Cloud provides web application security services worldwide using the world's leading cyber threat intelligence and AI technology. CSC is also certified as the 7th AWS WAF Managed Rules Seller in the world by AWS (Amazon Web Service) which boasts a 47.8% global cloud market share. *4
As a leading cybersecurity company, CSC plans to continue to strive to improve and develop new technologies and aim to be a company that can deliver effective security solutions to contribute to the information revolution.
For more information, please visit https://www.cscloud.co.jp/en/
*1: Market research on "cloud-based WAF services" (as of June 16, 2019) [Research by ESP Research Institute (May 2019 to June 2019)]
*2: Japan Marketing Research Organization (JMRO) Survey Summary: FY07/2020_Actual survey
*3: Only compatible with AWS WAF Classic.
*4: Gartner(July 2019)･･･Worldwide Iaas Public Cloud Services Market Share, 2017-2018 (Millions of U.S. Dollars)