www.imperva.com
45.60.73.225
Public Scan
URL:
https://www.imperva.com/cyber-threat-index/
Submission: On March 17 via manual from US — Scanned from US
Form analysis
2 forms found in the DOM
<form elem-id="" class="marketo-form" data-form-id="3495" data-form-args="form_args_1596538998" __bizdiag="-1715424994" __biza="WJ__"></form>
<form elem-id="" class="marketo-form" data-form-id="3543" data-form-args="form_args_1122673603" __bizdiag="-1715424994" __biza="WJ__"></form>
Text Content
CYBER THREAT INDEX 2022

Cyber Threat Index January 2022: 756 (2%; up 12 since last month)
Threat level scale: Critical, High, Elevated, Low, Lowest (1000, 850, 700, 550, 400, 0)

CYBER THREAT INDEX SCORE BY COUNTRY

[Chart: Daily Cyber Threat Index Score; series: Global CTI Score, Japan, United States]

CYBER THREAT INDEX SCORE BY INDUSTRY
[Chart: Daily Cyber Threat Index Score; series: Global CTI Score, Financial Services, Retail, Sports]

INSIGHTS AND RECOMMENDATIONS

Imperva’s cloud network, the same network that gathers the data behind our Cyber Threat Index, also powers the suite of products that protects our customers from those attacks every day. Start by reading our expert analysis on this month’s most significant insights, and then click to take action below.

Increase in traffic and attacks to gambling and sports sites

Coinciding with the start of the Winter Olympics in Beijing, we have monitored an increase in traffic (+43%) and attacks (+18%) on gambling and sports sites. The main attack types are remote code execution and business logic abuse. In these cases, attackers are trying to either inject malicious code to take over the server or steal sensitive information related to the site and its users.

Take Action: In advance of event- and season-driven attack increases, make sure your assets can scale to protect your sites against intensified cyber attacks. Learn more here: https://www.imperva.com/solutions/protecting-modern-web-applications/

Surge in encrypted DM traffic and attacks against News sites in the Ukraine

Attack incidents against Ukraine News sites grew by +56%. Most of the attacks were carried out by automated tools and were spread across all OWASP top 10 categories. Also, we noticed a 20% increase in traffic to Ukraine sites referenced by encrypted DM applications (like Telegram) over the last three months.

APPLICATION SECURITY THREATS

Understand how applications are attacked globally. Learn the types of attacks and the vulnerabilities exploited.
APPLICATION SECURITY HIGHLIGHTS

With visibility into global web application traffic from different industries, the Cyber Threat Index is a comprehensive look at application security.

* 1.56 Trillion: Total Number of Requests Analyzed
* 57 Billion: Total Number of Application Attacks Blocked

ORIGIN OF WEB THREATS

This map reflects the relative amount of attacks per country, after normalizing the number of attacks with legitimate traffic.

[Map: attacks per country; legend from least attacks to most attacks]

COUNTRY VS COUNTRY HEATMAP

This heatmap shows attacks where countries are the source (attackers) or destination (attacked) of application security attacks. The number represents a relative, normalized value.

[Heatmap: Source of Attack vs. Attacked Countries; countries on both axes: Australia, Canada, China, France, Germany, India, Japan, Russia, Spain, United Kingdom, United States; legend from least attacks to most attacks]

CYBER ATTACK TYPES

Breakdown of attack attempts seen in our network, split by attack types.

* Business Logic: 28.5%
* RCE/RFI: 26.5%
* Path Traversal/LFI: 17.5%
* XSS: 14.0%
* SQLi: 4.7%
* Backdoor/Trojan: 3.3%
* File Upload: 2.3%
* Spam: 1.5%
* Authentication Bypass: 1.4%
* Account Takeover: 0.3%

CYBER ATTACKS BY SOURCE

Breakdown of attack attempts seen in our network, split by the source of the attacking traffic.

* Anonymity Frameworks: 3.7%
* Scanning services: 1.3%
* Hosting Services: 4.1%
* Other: 28.6%
* ISP: 1.6%
* Public Cloud: 60.7%

AUTOMATED VS HUMAN ATTACKS

Shows the proportion of bot and human traffic identified as performing attacks within all observed traffic.

Total Traffic:
* Bot Traffic: 39.7%
* Attacks: 3.2%
* Good Bots: 1%

ATTACKS OBSERVED BY TOOL USED

Shows the breakdown of attacks in our network by the type of tool used by attackers.
* Other Bot: 56.2%
* HackingTool: 16.4%
* Browser: 12.7%
* VulnerabilityScanner: 14.7%

VULNERABILITIES BY SEVERITY

Shows the number of disclosed vulnerabilities for every day of the month. These vulnerabilities are separated by severity. Includes both CVE (Common Vulnerabilities and Exposures) and ‘Non-CVEs’.

[Chart: Vulnerabilities per day; series: High, Medium, Low]

VULNERABILITIES BY ‘EXPLOITABILITY’

Breakdown of vulnerabilities disclosed by the “exploitability” (e.g. whether there is a published exploit) of the disclosed vulnerability.

* No Exploit: 51.6%
* Private Exploit: 17.6%
* Public Exploit: 30.8%

VULNERABILITIES BY ATTACK TYPE

Shows the breakdown of attack types for the published vulnerabilities.

* XSS: 35.9%
* SQLi: 6.1%
* File Upload: 1.9%
* RCE/RFI: 51.1%
* Path Traversal/LFI: 4.5%
* Authentication Bypass: 0.3%

DATA SECURITY THREATS

Understand how databases are attacked and make sense of the vulnerabilities on different platforms.

VULNERABILITIES BY SEVERITY

In the following chart you can see the disclosed vulnerabilities for every day of the month. We separate them by their severity. This includes both CVE (Common Vulnerabilities and Exposures) and ‘Non-CVEs’.

* Low Severity: 26 Vulnerabilities
* Medium Severity: 6 Vulnerabilities
* High Severity: 0 Vulnerabilities

DDOS THREATS

Distributed denial of service (DDoS) attacks take a business offline. Understand which industries and countries suffer the most and the different types of DDoS attacks. Learn about the duration, size, and volume of DDoS attacks.

DDOS ATTACKS HIGHLIGHTS

Understand the duration of the longest attack. Know the size and volume of the largest DDoS attacks.
* 19 hours: Longest DDoS attack
* 1611k RPS: Largest Web Application DDoS attack
* 471 GBPS: Largest Bandwidth Network Layer DDoS Attack
* 111 MPPS: Highest Volume Network Layer DDoS Attack

APPLICATION LAYER DDOS ATTACK

Shows the volume of Application Layer attacks for each day of the month by the maximum total requests per second (RPS) blocked by our DDoS mitigation service.

[Chart: Attack volume (requests per second) per day]

DDOS ATTACKS BY ATTACKED COUNTRY

Breakdown of DDoS attacks by the attacked country.

* United States: 46.6%
* Spain: 1.3%
* Canada: 1.4%
* China: 3.8%
* Russia: 0.3%
* United Kingdom: 37.7%
* Germany: 2.0%
* France: 1.4%
* Australia: 1.5%
* India: 1.2%
* Japan: 2.8%

DDOS ATTACKS BY ATTACKED INDUSTRY

Breakdown of DDoS attacks by the attacked industry.

* Gambling: 5.7%
* Games: 10.6%
* Finance: 0.7%
* Computers and Internet: 82.0%
* Business: 1.0%

NETWORK LAYER DDOS ATTACK

Network layer attacks look to overwhelm the target by exhausting the available bandwidth. Shows the attacks by their bandwidth and by volume.

[Chart: network layer attacks per day; series: Attack Rate (Million Packets Per Second), Attack Volume (Gigabits Per Second)]

NETWORK LAYER ATTACK VOLUME (GBPS) BY VECTOR

Breakdown of bandwidth volume (Gigabits per second) by the vector used in network layer DDoS attacks.

* syn: 2.7%
* large_syn: 32.1%
* ssdp: 0.8%
* ntp: 9.1%
* dns: 0.4%
* general: 1.8%
* udp: 33.9%
* dns_response: 9.1%
* icmp: 0.1%
* tcp: 10.0%

NETWORK LAYER ATTACK RATES (MPPS) BY VECTOR

Breakdown of attack rates (Mega packets per second) by the vector used in network layer DDoS attacks.
* ntp: 8.8%
* tcp: 23.5%
* syn: 17.8%
* dns_response: 3.2%
* icmp: 0.2%
* large_syn: 15.3%
* dns: 0.4%
* general: 9.5%
* udp: 20.2%
* ssdp: 1.1%

TAKE THE NEXT STEP

Our insights and recommendations are just the starting point. With Imperva’s dedicated team by your side, and access to our cloud network-powered suite of products, you can get protected, quicker.

MEDIA INQUIRIES

Every month we update the Cyber Threat Index with the latest data and charts. Please contact us for additional insight or to interview the threat researchers from the Imperva Research Lab.

WHAT IS THE CYBER THREAT INDEX?

The Cyber Threat Index is a monthly measurement and analysis of the global cyber threat landscape across data and applications. The Cyber Threat Index provides an easy-to-understand score to track cyber threat level consistently over time, as well as observe trends. The data is (when applicable) also analyzed by industry and by country, to provide further analytics and insights.

The Cyber Threat Index is calculated using data gathered from all Imperva sensors across the world, including:

* Over 25 PB (petabytes, 10¹⁵ bytes) of monthly network traffic passed through our CDN
* 30 billion (10⁹) monthly web application attacks, across 1 trillion (10¹²) HTTP requests analyzed by our Web Application Firewall service (Cloud WAF)
* Hundreds of monthly application and database vulnerabilities, as processed by our security intelligence aggregation from multiple sources

Viewers of the global Cyber Threat Index can dive deeper into the score and drill down into individual industries and countries, and also view historic Index scores. Each month, our security experts analyze the data to create insights about events and trends in data and application security based on the data we see.
When applicable, we may also suggest recommendations for enhancing the security posture against the threats we see.

HOW IS THE INDEX CALCULATED?

The index is based on a number of ingredients: network traffic, attack traffic and vulnerabilities. We store attack data, as well as statistics about the network traffic we see from our Cloud WAF. This data is sent from our Cloud WAF proxies to our data warehouse, where it is enriched and aggregated. On a daily basis, we run analytics on the data we collect, to calculate a daily risk score per site, per industry and per country.

VULNERABILITIES

When calculating the vulnerabilities’ risk, our assessment is that:

* The more severe the vulnerability, the higher the risk (the impact can be larger, for example: taking over a server vs disclosing system information).
* The more recent the vulnerability, the higher the risk (the assumption is that patching of systems takes time, therefore there will be more vulnerable systems accessible).
* If there is a public exploit, the risk is higher, as more attackers have the ability to exploit the vulnerability, and the more widespread it is, the higher the risk.

DDOS ATTACKS

We store statistics on both network DDoS attacks and application DDoS attacks.

Network DDoS attack statistics include details about the duration of the attack, the volume of the attacks, the number of sources and their proportion in the attack, and the different ports and methods (e.g. SYN flood, amplification etc.). These statistics are calculated and stored for attacks both in terms of packets per second and in terms of bytes per second.

Application DDoS (Layer 7 DDoS attacks) statistics include information about the duration of the attack, the volume of the attack, the tools that were used and the different countries it originated from, in terms of requests per second.
We normalize all DDoS attack statistics against the statistics we have about legitimate traffic, to prevent bias from an increased or decreased number of assets we protect (globally or for a certain industry/country).

APPLICATION SECURITY ATTACKS (AS SEEN IN THE WILD)

First, instead of dealing with a huge amount of daily attacking requests, we aggregate them into attacks (each attack can have a very large number of HTTP requests as part of it). For each attack, we check:

* The highest risk level of any triggered rule within that attack (for example: an SQL Injection attack has more weight than an information disclosure attack).
* The higher the intensity of the attack, the higher the risk.
* The newer the mitigation, the riskier the attack (we constantly add mitigations to our Cloud WAF, and the assumption is that newer attacks have a higher success ratio than older ones).

For the analytics and insights we provide, we also enrich the data, for example:

* Adding target industry classification for the applications being attacked.
* Adding source and target countries.
* Adding source network types (for example: public cloud, TOR, etc.).

The risk is then calculated by removing the lowest-risk attacks, as they are meaningless in terms of added risk, and then normalizing attack traffic against normal traffic. The logic of this normalization is that we don’t want the index to be affected by increased or decreased traffic (for example: if we have 20% more traffic due to new customers in a certain month, we don’t want it to affect the risk index).
Copyright © 2021 Imperva. All rights reserved