Indusface, a TCGF II (Tata Capital) funded, rapidly growing Application Security SaaS company, released its Annual State of Application Security Report 2023.
The insights reveal that Indusface’s AppTrana network successfully blocked 6.8 billion attacks globally, with 5.14 billion of those targeting Indian enterprises, SMEs and government organisations. Cyberattacks exhibited an average quarterly spike of 63% from Q1 to Q4 in 2023, underscoring the urgency for robust cybersecurity measures.
The report sheds light on the vulnerability of various industries, particularly the healthcare sector, where 100% of sites faced bot attacks, and the banking, finance, and insurance industry, with 90% experiencing similar attacks. With a 10X increase in attacks, SaaS companies in India have rapidly emerged as key targets for cybercriminals due to the high-value customer data they store. The retail and e-commerce industries were mostly targets of carding attacks. Other industries analysed include IT services and consulting, manufacturing, telecommunications, marketing and advertising.
In 2023, 8 out of 10 sites faced targeted bot attacks, witnessing a 46% increase each quarter, totalling over 467 million bot attacks. Major cyberattack origins, apart from India, included the United States, the United Kingdom, Russia, Germany, and Singapore.
Distributed Denial of Service (DDoS) attacks recorded a significant 46% increase each quarter, reaching 4.25+ billion in 2023. Four out of 10 sites experienced a DDoS attack. A notable rise in botnet-driven low-rate HTTP DDoS attacks was also observed in 2023. The worrying aspect is that over 39% of enterprises were not confident in their ability to prevent large-scale DDoS attacks.
Speaking about this, Ashish Tandon, CEO of Indusface, said, “2023 was probably the year where bad bots really took off. That was one attack vector that saw high double-digit increases Q-o-Q. I would hazard a guess and attribute it to bad actors leveraging LLMs to deploy more bots at scale. Along with card cracking or credential stuffing, we also saw bot-driven, low-rate DDoS attacks being used more frequently. Coming to mitigation, we have seen reasonable success where AI models are alerting our managed services team of possible anomalies and the team is able to quickly take mitigation measures. I foresee this to be the theme in 2024, where a combination of AI + humans will be crucial to thwart complex, multi-layered attacks.”