The most common types of web application attacks were broken access controls and injection attacks, which together represented more than 75% of the total.
Banking and finance, SaaS, and retail were the industries most subject to web application attacks in 2021.
Last year also saw multiple record-breaking DDoS attacks, and ransom denial-of-service attacks became much more common. The idea behind micro floods is that a large number of them over a longer period of time causes the victim to increase infrastructure resources until their service becomes cost-prohibitive.
2021's top sectors for DDoS attacks were gaming, retail, government, healthcare, technology, and finance. Ransom DDoS attacks on VoIP providers were a particular concern.
“The statistics tell a story about bad actors. They are getting smarter, more organised, and more targeted in pursuing their objectives — whether that be for money, fame, or a political cause,” said Radware director of threat intelligence Pascal Geenens.
“In addition, cybercriminals are shifting their attack patterns – from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline – something that we have not seen before.”
Radware’s 2021-2022 Global Threat Analysis Report is available here.