The State of Application Security - Q2 2024

Q2 2024 Research Overview

The State of Application Security Q2 2024 annual report is based on a sample size of 1400+ websites and applications that were analysed between April 1, 2024, and June 30, 2024.

During this period, various enterprise, government, and SME websites were analysed. The figure below illustrates the diversity of industries represented in this report.


Apart from the above-mentioned analysis of the sites, Indusface also surveyed 300+ CISOs, CTOs, and other security leaders to understand their pain points related to application security concerns and the challenges they face due to DDoS, bot, and API attacks.


Executive Summary

Here are some of the key findings from the report:

  • Over 2.37 billion attacks were blocked from 1st April 2024 to 30th June 2024
  • On average, 960K attacks were blocked per website
  • Cyberattacks grew by 105% in Q2 2024 compared to Q2 2023
  • Bot attacks rose by 213% in Q2 2024 compared to Q2 2023
  • 276+ million bot attacks in Q2 2024
  • 835+ million DDoS attacks in Q2 2024
  • 6 out of 10 sites witnessed a DDoS attack, whereas 9 out of 10 sites witnessed a bot attack
  • 25K critical and high vulnerabilities were found - 31% of these vulnerabilities were open for 180+ days
  • Attacks on vulnerabilities grew by 1,200% in Q2 2024 compared to Q2 2023. A big part of this could be because of the widespread use of LLM tools such as ChatGPT enabling novice hackers to easily find and deploy scripts that could exploit open vulnerabilities
  • Cyberattacks in India grew by 115% in Q2 2024 compared to Q2 2023
  • 59% of attacks have been blocked with application-specific virtual patches and security policies, thereby reinforcing the importance of managed WAAP
  • The Small and Medium Businesses (SMBs) globally faced over 559 million attacks across a sample of 500 websites in Q2 2024
  • DDoS is the #1 attack vector, where each website/app is seeing 124% more DDoS attacks when compared to the enterprise apps. This could be because DDoS attack monitoring requires either a managed WAAP or a specialised, 24x7 security operations center (SOC), which SMBs can ill afford
  • Power and energy companies faced up to 25 times higher number of attacks than the industry average. This could be because non-regulated industries with less stringent security requirements are soft targets for hackers
  • SQL injection is the top vulnerability attack in the Banking, Financial Services, Insurance, Healthcare, and Retail sectors, thereby reinforcing the importance of protecting critical customer data, including PII, credit card information and others that these applications host
  • The banking, financial services and insurance sectors witnessed 45%-60% higher bot attacks
  • The manufacturing industry faces 10X higher cross-site scripting (XSS) attacks compared to other industries


Read the detailed State of AppSec report by clicking here
