A recent study by CrowdStrike showed more cyberattacks in the first six months of this year than in all of 2019 in the network activity of Crowdstrike customers. It’s a trend that’s been confirmed by other recent studies done this year.
Crowdstrike detected around 41,000 potential attacks just between Jan. 1 and June 30 this year compared with 35,000 for all of last year. As with other studies on the increase in cyberattacks, it’s believed that one of the biggest causes for the increased threat activity was the rapid adoption of remote workforces in response to the COVID-19 pandemic. By going remote, the workforce provided a significantly expanded attack surface at many organizations, and it appears that threat actors were quick to try and exploit this new found opportunity.
The study also found that the easy availability of hacking tools, like ransomware-as-a-service (RaaS) offerings also contributed to the increased activity. And like other studies, they found that financial motivation amongst cyber criminals was an increasingly popular driving factor behind the attacks, with 82% of the attacks falling into the e-crime (financially motivated crimes) category, compared with 69% in 2019.
Organizations in the financial, technology, and telecommunications sectors were targeted more heavily than organizations in other sectors. Of concern though was the increasing attacks on manufacturing companies, which became the second most frequently targeted behind technology companies. The study concluded that “the critical nature of most manufacturing operations and the valuable intellectual property and other data that manufacturing companies hold have made the sector an attractive target for both financially motivated attackers and nation-state threat groups.”
With the increase in attacks and the advanced nature of these threats, including those that attack web applications, organizations need to re-evaluate how they are handling security for their applications. While many organizations may be using EDR solutions like the one from Crowdstrike, it’s important to remember to have a security framework that offers a defense-in-depth architecture. May be it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.
RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications, while at the same time using minimal resources and adding negligible latency to an application. K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects from application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry including the code module and line number being in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you protect your applications, and check out K2’s web application and application workload security solution.