In its Annual State of Application Security Report 2023, Indusface, a rapidly growing Application Security SaaS company funded by TCGF II (Tata Capital), has unveiled concerning insights regarding Cyberattacks on Indian enterprises, SMEs, and government organizations.
According to the report, Indusface’s AppTrana network successfully thwarted a staggering 6.8 billion cyberattacks globally, with a significant portion—5.14 billion—directed at Indian entities.
This surge in Cyberattacks on Indian enterprises witnessed an average quarterly spike of 63% from Q1 to Q4 in 2023, emphasizing the critical need for robust cybersecurity measures.
Industry Vulnerabilities Exposed
The Indusface report highlights the vulnerability of various industries, notably the healthcare sector, where 100% of sites faced bot attacks, and the banking, finance, and insurance industry, with 90% encountering similar threats.
Additionally, SaaS companies in India have emerged as prime targets for cybercriminals due to the valuable customer data they hold, experiencing a tenfold increase in cyberattacks.
The retail and e-commerce sectors were particularly susceptible to carding attacks, indicating the breadth of cyber threats across industries such as IT services, consulting, manufacturing, telecommunications, marketing, and advertising.
Cyberattacks on Indian Enterprises
In 2023, 8 out of 10 sites were targeted by bot attacks, witnessing a 46% increase each quarter, totaling over 467 million bot attacks. Cyberattack origins spanned beyond India, with significant contributions from the United States, the United Kingdom, Russia, Germany, and Singapore.
Distributed Denial of Service (DDoS) attacks also surged, recording a notable 46% increase each quarter, culminating in over 4.25 billion attacks in 2023. Alarmingly, four out of 10 sites experienced a DDoS onslaught, with botnet-driven low-rate HTTP DDoS attacks witnessing a worrisome uptick.
Despite the prevalence of DDoS threats, over 39% of enterprises expressed uncertainty regarding their ability to thwart large-scale attacks.
Insights from Indusface CEO
Ashish Tandon, CEO of Indusface, remarked on the evolving threat landscape, highlighting the rise of bad bots and the importance of AI-human collaboration in mitigating complex attacks.
“2023 was probably the year where bad bots took off. That was one attack vector that saw high double-digit increases in Q-o-Q. I would hazard a guess and attribute it to bad actors leveraging LLMs to deploy more bots at scale. Along with card cracking or credential stuffing, we also saw bot-driven, low-rate DDoS attacks being used more frequently,” said Tandon.
He emphasized the effectiveness of AI models in alerting managed services teams to anomalies, foreseeing this integrated approach as pivotal in combating multi-layered cyber threats in 2024.
“Coming to mitigation, we have seen reasonable success where AI models are alerting our managed services team of possible anomalies and the team is able to quickly take mitigation measures. I foresee this to be the theme in 2024, where a combination of AI + humans will be crucial to thwart complex, multi-layered attacks,” Tandon added.
The Indusface report also provides additional insights into vulnerability categories, zero-day vulnerabilities, and mitigation strategies. Notably, application-specific virtual patches played a crucial role in thwarting 60% of attacks, underscoring the significance of managed services in fortifying application security.
Moreover, the report identified over 29,000 critical and high vulnerabilities, with a concerning 32% remaining unresolved for over 180 days.
Survey Responses and Industry Perspectives
Survey responses from over 300 security leaders highlighted the disruptive impact of DDoS and bot attacks on businesses, with only 22% expressing confidence in their current WAF/WAAP solutions.
In conclusion, the State of Application Security Report 2023 highlights the pervasive threat of cyberattacks on Indian enterprises and the imperative for proactive cybersecurity measures.
As organizations navigate an increasingly complex threat landscape, collaboration between AI technologies and human expertise emerges as a key strategy in defending against evolving cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
