www.imperva.com
45.60.73.225 (Public Scan)

URL: https://www.imperva.com/cyber-threat-index/
Submission: On March 17 via manual from US — Scanned from US

CYBER THREAT INDEX

January 2022

[Gauge: threat levels Critical, High, Elevated, Low, Lowest; scale ticks 1000, 850, 700, 550, 400, 0]

Cyber Threat Index, January 2022: 756 (2%, up 12 since last month)


CYBER THREAT INDEX SCORE BY COUNTRY

[Chart: Daily Cyber Threat Index Score, January 03 to January 31; series: Global CTI Score, Japan, United States]


CYBER THREAT INDEX SCORE BY INDUSTRY

[Chart: Daily Cyber Threat Index Score, January 03 to January 31; series: Global CTI Score, Financial Services, Retail, Sports]


INSIGHTS AND RECOMMENDATIONS

Imperva’s cloud network, the same network that gathers the data behind our
Cyber Threat Index, also powers the suite of products that protects our
customers from those attacks every day. Start by reading our expert analysis of
this month’s most significant insights, and then click to take action below.

Increase in traffic and attacks to gambling and sports sites

Coinciding with the start of the Winter Olympics in Beijing, we have monitored
an increase in traffic (+43%) and attacks (+18%) on gambling and sports sites.
The main attack types are remote code execution and business logic abuse. In
these cases, attackers are trying to either inject malicious code to take over
the server or steal sensitive information related to the site and its users.

In advance of event- and season-driven attack increases, make sure your assets
can scale to protect your sites against intensified cyber attacks.

Learn more here
https://www.imperva.com/solutions/protecting-modern-web-applications/



Surge in encrypted DM traffic and attacks against News sites in the Ukraine

Attack incidents against Ukraine News sites grew by +56%. Most of the attacks
were carried out by automated tools and were spread across all OWASP top 10
categories.

Also, we notice a 20% increase in traffic to Ukraine sites referenced by
encrypted DM message applications (like Telegram) over the last three months.


APPLICATION SECURITY THREATS

Understand how applications are attacked globally. Learn the types of attacks
and the vulnerabilities exploited.




APPLICATION SECURITY HIGHLIGHTS

With visibility into global web application traffic from different industries,
the Cyber Threat Index is a comprehensive look at application security.

 * Total Number of Requests Analyzed: 1.56 Trillion
 * Total Number of Application Attacks Blocked: 57 Billion


ORIGIN OF WEB THREATS

This map reflects the relative amount of attacks per country, after normalizing
the number of attacks with legitimate traffic. Hover mouse over the countries to
see data.


COUNTRY VS COUNTRY HEATMAP

This heatmap shows attacks where countries are the source (attackers) or
destination (attacked) of application security attacks. The number represents a
relative, normalized value.

[Heatmap: Source of Attack vs. Attacked Countries; countries on both axes: Australia, Canada, China, France, Germany, India, Japan, Russia, Spain, United Kingdom, United States; color scale from least attacks to most attacks]


CYBER ATTACK TYPES

Breakdown of attack attempts seen in our network, split by attack types.

 * Business Logic: 28.5%
 * RCE/RFI: 26.5%
 * Path Traversal/LFI: 17.5%
 * XSS: 14.0%
 * SQLi: 4.7%
 * Backdoor/Trojan: 3.3%
 * File Upload: 2.3%
 * Spam: 1.5%
 * Authentication Bypass: 1.4%
 * Account Takeover: 0.3%


CYBER ATTACKS BY SOURCE

Breakdown of attack attempts seen in our network, split by the source of the
attacking traffic.

 * Public Cloud: 60.7%
 * Other: 28.6%
 * Hosting Services: 4.1%
 * Anonymity Frameworks: 3.7%
 * ISP: 1.6%
 * Scanning services: 1.3%


AUTOMATED VS HUMAN ATTACKS

Shows the proportion of bot and human traffic identified as performing attacks
within all observed traffic.

Share of total traffic:

 * Bot Traffic: 39.7%
 * Attacks: 3.2%
 * Good Bots: 1%


ATTACKS OBSERVED BY TOOL USED

Shows the breakdown of attacks in our network by the type of tool used by
attackers.

 * Other Bot: 56.2%
 * HackingTool: 16.4%
 * VulnerabilityScanner: 14.7%
 * Browser: 12.7%


VULNERABILITIES BY SEVERITY

Shows the number of disclosed vulnerabilities for every day of the month. These
vulnerabilities are separated by severity. Includes both CVE (Common
Vulnerabilities & Exposure) and ‘Non-CVEs’.

[Chart: Vulnerabilities per day, January 03 to January 31; series: High, Medium, Low]


VULNERABILITIES BY ‘EXPLOITABILITY’

Breakdown of vulnerabilities disclosed by the “exploitability” (e.g. whether
there is a published exploit) of the disclosed vulnerability.

 * No Exploit: 51.6%
 * Public Exploit: 30.8%
 * Private Exploit: 17.6%


VULNERABILITIES BY ATTACK TYPE

Shows the breakdown of attack types for the published vulnerabilities.

 * RCE/RFI: 51.1%
 * XSS: 35.9%
 * SQLi: 6.1%
 * Path Traversal/LFI: 4.5%
 * File Upload: 1.9%
 * Authentication Bypass: 0.3%


DATA SECURITY THREATS

Understand how databases are attacked and make sense of the vulnerabilities on
different platforms.


VULNERABILITIES BY SEVERITY

In the following chart you can see the disclosed vulnerabilities for every day
of the month. We separate them by their severity. This includes both CVE (Common
Vulnerabilities & Exposure) and ‘Non-CVEs’.

 * Low Severity: 26 Vulnerabilities
 * Medium Severity: 6 Vulnerabilities
 * High Severity: 0 Vulnerabilities


DDOS THREATS

Distributed denial of service (DDoS) attacks take a business offline. Understand
which industries and countries suffer the most and the different types of DDoS
attacks. Learn about the duration, size, and volume of DDoS attacks.


DDOS ATTACKS HIGHLIGHTS

Understand the duration of the longest attack. Know the size and volume of the
largest DDoS attacks. Learn more about DDoS here.

 * Longest DDoS attack: 19 hours
 * Largest Web Application DDoS attack: 1611k RPS
 * Largest Bandwidth Network Layer DDoS Attack: 471 GBPS
 * Highest Volume Network Layer DDoS Attack: 111 MPPS


APPLICATION LAYER DDOS ATTACK

Shows the volume of Application Layer attacks for each day of the month by the
maximum total requests per second (RPS) blocked by our DDoS mitigation service.

[Chart: Attack volume (requests per second) per day, January 03 to January 31]


DDOS ATTACKS BY ATTACKED COUNTRY

Breakdown of DDoS attacks by the attacked country.

 * United States: 46.6%
 * United Kingdom: 37.7%
 * China: 3.8%
 * Japan: 2.8%
 * Germany: 2.0%
 * Australia: 1.5%
 * Canada: 1.4%
 * France: 1.4%
 * Spain: 1.3%
 * India: 1.2%
 * Russia: 0.3%


DDOS ATTACKS BY ATTACKED INDUSTRY

Breakdown of DDoS attacks by the attacked industry.

 * Computers and Internet: 82.0%
 * Games: 10.6%
 * Gambling: 5.7%
 * Business: 1.0%
 * Finance: 0.7%


NETWORK LAYER DDOS ATTACK

Network layer attacks look to overwhelm the target by exhausting the available
bandwidth. Shows the attacks by their bandwidth and by volume.

[Chart: network layer DDoS attacks per day, January 03 to January 31; axes: Attack Rates (Million Packets Per Second), Attack Volume (Gigabits Per Second)]


NETWORK LAYER ATTACK VOLUME (GBPS) BY VECTOR

Breakdown of bandwidth volume (Gigabits per second) by the vector used in
network layer DDoS attacks.

 * udp: 33.9%
 * large_syn: 32.1%
 * tcp: 10.0%
 * ntp: 9.1%
 * dns_response: 9.1%
 * syn: 2.7%
 * general: 1.8%
 * ssdp: 0.8%
 * dns: 0.4%
 * icmp: 0.1%


NETWORK LAYER ATTACK RATES (MPPS) BY VECTOR

Breakdown of attack rates (Mega packets per second) by the vector used in
network layer DDoS attacks.

 * tcp: 23.5%
 * udp: 20.2%
 * syn: 17.8%
 * large_syn: 15.3%
 * general: 9.5%
 * ntp: 8.8%
 * dns_response: 3.2%
 * ssdp: 1.1%
 * dns: 0.4%
 * icmp: 0.2%




TAKE THE NEXT STEP

Our insights and recommendations are just the starting point. With Imperva’s
dedicated team by your side, and access to our cloud network-powered suite of
products, you can get protected, quicker.



MEDIA INQUIRIES

Every month we update the Cyber Threat Index with the latest data and charts.
Please contact us for additional insight or to interview the threat researchers
from the Imperva Research Lab.



WHAT IS THE CYBER THREAT INDEX?

The Cyber Threat Index is a monthly measurement and analysis of the global cyber
threat landscape across data and applications.

The Cyber Threat Index provides an easy-to-understand score to track cyber
threat level consistently over time, as well as observe trends. The data is
(when applicable) also analyzed by industry and by country, to provide further
analytics and insights.

The Cyber Threat Index is calculated using data gathered from all Imperva
sensors across the world, including:

 * Over 25 PB (petabytes, 10¹⁵ bytes) of monthly network traffic passed through
   our CDN
 * 30 billion (10⁹) monthly web application attacks, across 1 trillion (10¹²)
   HTTP requests analyzed by our Web Application Firewall service (Cloud WAF)
 * Hundreds of monthly application and database vulnerabilities, as processed by
   our security intelligence aggregation from multiple sources


Viewers of the global Cyber Threat Index can dive deeper into the score, drill
down into individual industries and countries, and view historic Index scores.

Every month, our security experts analyze the data to create insights about
events and trends in data and application security. When applicable, we may
also suggest recommendations for enhancing the security posture against the
threats we see.


HOW IS THE INDEX CALCULATED?

The index is based on a number of ingredients: network traffic, attack traffic
and vulnerabilities.

We store attack data, as well as statistics about the network traffic we see
from our Cloud WAF. This data is sent from our Cloud WAF proxies to our data
warehouse, where it is enriched & aggregated.

On a daily basis, we run analytics on the data we collect, to calculate a daily
risk score per site, per industry & per country.


VULNERABILITIES

When calculating the vulnerabilities’ risk, our assessment is that:

 * The more severe the vulnerability – the higher the risk (Impact can be
   larger, for example: taking over a server vs disclosing system information)
 * The more recent the vulnerability – the higher the risk (The assumption is
   that patching of systems takes time, therefore there will be more vulnerable
   systems accessible)
 * If there is a public exploit, the risk is higher, as more attackers have the
   ability to exploit the vulnerability, and the more widespread it is, the
   higher the risk.


DDOS ATTACKS

We store statistics on both network DDoS attacks and application DDoS attacks.

Network DDoS attack statistics include details about the duration of the attack,
the volume of the attack, the number of sources and their proportion in the
attack, and the different ports and methods used (e.g. SYN flood, amplification,
etc.). These statistics are calculated and stored for attacks both in terms of
packets per second and in terms of bytes per second.

Application DDoS (Layer 7 DDoS attacks) statistics include information about the
duration of the attack, the volume of the attack, the tools that were used and
the different countries it originated from in terms of requests per second.

We normalize all DDoS attack statistics against the statistics we have about
legitimate traffic, to prevent bias from an increased or decreased number of
assets we protect (globally or for a certain industry/country).


APPLICATION SECURITY ATTACKS (AS SEEN IN THE WILD)

First, instead of dealing with a huge number of daily attacking requests, we
aggregate them into attacks (each attack can include a very large number of HTTP
requests). For each attack, we check:

 * The highest risk level of any triggered rule within that attack (for example,
   an SQL Injection attack has more weight than an information disclosure
   attack).
 * The intensity of the attack: the higher the intensity, the higher the risk.
 * The age of the mitigation: the newer the mitigation, the riskier the attack
   (we constantly add mitigations to our Cloud WAF, and the assumption is that
   newer attacks have a higher success ratio than older ones).

For the analytics and insights we provide, we also enrich the data, for example:

 * Adding target industry classification for the applications being attacked.
 * Adding source & target countries.
 * Adding source network types (For example: public cloud, TOR, etc).

The risk is then calculated by removing the lowest-risk attacks, as they’re
meaningless in terms of added risk, and normalizing attack traffic against
normal traffic. The logic behind this normalization is that we don’t want the
index to be affected by increased or decreased traffic (for example, if we have
20% more traffic due to new customers in a certain month, we don’t want it to
affect the risk index).


Copyright © 2021 Imperva. All rights reserved
