The report shows a 261 per cent rise in cyberattacks in India compared to a 76 per cent increase globally from Q1 2023 to Q1 2024
Indusface, a leading Application Security SaaS firm with over 5,000 customers across 95 countries, recently released its “State of Application Security Q1 2024 Report.” The report reveals a significant increase in cyberattacks on Indian websites, with over 1.8 billion attacks recorded between January and March 2024.
The report shows a 261 per cent rise in cyberattacks in India compared to a 76 per cent increase globally from Q1 2023 to Q1 2024. Power and energy companies in India faced up to 500 times more attacks than the industry average, as hackers increasingly target less regulated sectors for ransom.
DDoS attacks increased by 76 per cent compared to the same period last year, making them the most common attack vector in most industries. However, in retail, manufacturing, and healthcare, bot attacks were more frequent. Every healthcare site examined faced bot attacks, with 9 out of 10 BFSI (Banking, Financial Services, and Insurance) apps also experiencing such attacks. Overall, bot attacks surged by 147 per cent compared to Q1 2023.
The report also noted that bot attacks originated from several countries, including the US, Germany, and Japan. “A 2.5 times increase in attacks on Indian applications is a matter of great concern. Compared to last year, we are also seeing more attacks on unregulated industries such as power and manufacturing. Consistent with global trends, DDoS and bot continue to be the top two threat vectors employed by attackers in India,” said Ashish Tandon, Founder and CEO of Indusface.
To address these threats, Indusface’s AppTrana WAAP platform blocked over 1.8 billion cyberattacks. This AI-powered platform helps security teams respond quickly to advanced threats while managing limited resources. “Given the acute shortage of security talent and the increasing pressure on CISOs to cut budgets, AppTrana WAAP, a fully managed and AI-powered platform, is letting security teams be more lean and nimble at the same time as they respond to advanced threats,” Tandon added.
The report identified 614 zero-day vulnerabilities in websites and APIs protected by AppTrana WAAP, along with 17,000 critical and high vulnerabilities on a sample of 1,400 apps. About 32 per cent of these critical vulnerabilities remained unresolved for over 180 days. The platform’s core rules protected against 95 per cent of zero-day vulnerabilities, with custom rules covering the remaining 5 per cent.
Key findings from the report include:
Power and energy companies faced 500 times more attacks than the industry average, primarily from ransom-seeking hackers.The Banking, Finance, and Insurance sectors are the most targeted overall, facing four times more encoding attacks and three times more HTTP protocol enforcement attacks than other industries.
SQL injection attacks were common in banking, insurance, SaaS, and retail, while cross-site scripting attacks frequently targeted financial services and healthcare.
Local File Injection (LFI) attacks increasingly targeted the manufacturing sector.
Bot attacks were more common than DDoS attacks in retail, manufacturing, and healthcare.