Press Release

Over 500 million cyberattacks blocked in India for Q1, 2023 – ‘The State of Application Security Report’ by Indusface (Jan – March, 2023)

  • The Banking and Healthcare industries were the most hit with Bot attacks and more than 50% of these were blocked by custom rules
  • The Insurance industry received 12X more attacks

Indusface, a TCGF II (Tata Capital) funded, rapidly growing Application Security SaaS company, recently released its State of Application Security Q1 (Jan – March) 2023 Report. The report indicates that the Indusface AppTrana network blocked over 500 million cyberattacks in India out of 1 billion global attacks. Globally, this represents a sharp increase of over 29% in the number of cyberattacks in Q1, 2023 compared to Q4, 2022 (829 million attacks).

The report reveals that on average the BFSI sector faces 38% more attacks per application compared to the industry average, with over 973K attacks per website.

It was particularly alarming for the Indian insurance sector, where we found that 11% of all requests on insurance websites are attacks, compared with an industry average of just 4%.

As an industry, the insurance sector looks to be more lucrative and therefore, instead of using DDoS to get ransom, 99% of attacks are vulnerability attacks such as SQLi, XSS and probe attacks using botnets.

Although 24,000+ critical, medium, and high vulnerabilities were found during the period, and more than 31% of these had remained open for over 6 months, security leaders are able to thwart attacks using virtual patching.

While this gives comfort to security leaders, 1287 applications were attacked by bots in Q1 2023 versus 743 applications in Q4 2022, an increase of 73%. Within that, BFS and insurance companies receive 75% and 33% more bot attacks, respectively, than the industry average. Our hypothesis is that hackers are actively running probes using botnets to find vulnerabilities and then attack.

Commenting on the report, Ashish Tandon, CEO of Indusface, said, “It is interesting to see how industries such as BFSI and Healthcare are more targeted by vulnerability and bot attacks. Clearly, attackers are more interested in Personally Identifiable Information (PII) from these sectors. That said, other industries including SaaS and manufacturing are more targeted by DDoS attacks. Possibly application availability is a bigger challenge for these sectors. Also, compute power is extremely cheap to hire and this makes launching DDoS attacks extremely easy.” Ashish further added, “A complete WAAP product like AppTrana that bundles VAPT, DDoS & Bot protection, a 24-hour virtual patching guarantee for critical vulnerabilities is the need of the hour.”

A positive side of the current scenario is that 68% of the attacks were blocked using AppTrana’s core rule set, and 32% were blocked using custom rules. This is clear proof that managed services and custom rules are critical for security teams globally.

You can download the full report here.

About Indusface:

Indusface is a leading application security SaaS company that secures critical Web, Mobile and API applications of 4000+ global customers using its award-winning, fully managed platform, which integrates a web application scanner, web application firewall, DDoS and BOT mitigation, CDN and a threat intelligence engine. It was founded in 2012 by Ashish Tandon (CEO), Nandini Tandon (Chief People Officer), and Venkatesh Sundar (CMO).

Indusface has been funded by Tata Capital Growth Fund II, is ranked #1 in overall ratings by the 2022 Gartner Peer Insight ‘Voice of Customer’ report for WAF, is a “Great Place to Work” certified SaaS product platform, is PCI, ISO27001, Soc2 and GDPR certified, and has been the recipient of many prestigious startup awards such as the Economic Times Top 25, Nasscom DSCI Top Security Company, and Deloitte Asia Top 100, among others.
