New research unveils surge in automated cyber crime

Released in Barracuda’s most recent ‘Threat Spotlight’, the data found that the top five web application attack types were dominated by those performed using automated tools, and these five attack types alone contributed to over 54% of all cyber attacks blocked by Barracuda in November and December 2020. The research concluded that cyber criminals are increasingly turning to bots and automation to make their attacks more efficient and effective and help them avoid detection.

The most significant attack type recorded were fuzzing attacks, which use automation to try to find and exploit the points at which applications break - one in five (19.5%) of attacks recorded by Barracuda researchers were diagnosed as Fuzzing attacks.

The second most significant attack types was made up by Injection Attacks, contributing 12% to the total recorded. These use automated tools like sqlmap to try to get into applications, and they often involve script-kiddie level noise - attacks being thrown at an application without reconnaissance to customise the breach attempt.

‘Fake Bots’, defined as automated attacks pretending to be a Google bot or similar, were a close third, accounting for just over 12% of the web application attacks analysed. Application DDoS (Distributed Denial of Service) was also surprisingly prevalent, making up more than 9% of the sample Barracuda researchers analysed. Finally, a small portion of attacks (less than 2%) come from bots blocked by site admins.

The ‘Threat Spotlight’ also revealed that although bot traffic is a fast-growing problem, it doesn’t mean cyber criminals are moving away from their old standbys, as a large part of the attacks analysed are what could be considered classic web app attacks, such as injection attacks (12%) and cross-site scripting (XSS) (1%.)  Most of the attack traffic came from reconnaissance tools or fuzzing tools being used to probe applications, as noted above.

Tushar Richabadas, Senior Product Marketing Manager, Barracuda Networks commented: “Automated attacks can overwhelm or infiltrate web applications, and defending against all the varieties of automated attacks can be daunting.

“The good news is that multi-purpose solutions are consolidating into Web Application Firewall and WAF-as-a-Service solutions, also known as Web Application and API Protection services (WAAP). Thus, organisations looking to bolster their defences against this growing threat should look for a WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection, as a minimum, and also make sure it is properly configured.

“It is also important to stay informed about current threats and how they are evolving, so that your business can be defended against them. Over the coming year we can expect automated bot attacks, attacks against APIs, and attacks against software supply chains to develop in quantity and sophistication, especially as these newer attacks have fewer protections and defences blocking them.”