Applications have become the focal point of the Internet, the workhorses behind organizations of all types. Attackers have figured this out, and they target applications more than anything else (besides people). This research series ties together trends and data from a number of perspectives to give an overall picture of the application security threat landscape.
Of Sectors and Vectors
Our first supplemental piece to the 2021 Application Protection Report is a detailed examination of how attack chains vary by targeted industrial sector. This also provides some insight into how sectoral analyses compare with other kinds of security intelligence and how best to use them.
Of Ransom and Redemption
We dive ever deeper into the changing threat landscape, unpacking the evolution of formjacking to fit a wider target profile, as well as the evolution of ransomware from a niche attack to the latest default. We also analyze and visualize attack chains in greater detail using the ATT&CK framework.
DoS and Password Attacks
Looking at three years of reported security incidents shows continued growth in denial-of-service and password login attacks (32% of all reported security incidents) such as brute force and credential stuffing. DoS showed tremendous growth in APCJ and EMEA.
Recent Cyberattacks
To help defenders preempt web attacks, we did an analysis of more than one million recent cyberattacks and scans from Q3 2020. See which techniques and systems attackers are focusing on right now, so that you recognize them when they hit your logs!
Click through the animations below to understand how different attacks unfold.
