Threat Intelligence from Trustwave
Trustwave is a leading cybersecurity organization with more than 200,000 clients spread over 96 countries. As a result, they get to see and investigate many cybersecurity incidents. They also operate Trustwave SpiderLabs, which has a group of 250+ threat hunters, ethical hackers, investigators, and cybersecurity researchers.
Every year they use the knowledge gathered investigating cybersecurity incidents to produce the Trustwave Global Data Security Report. As in the previous editions, the 2018 version reports and comments on security attacks over three sections:
- Data Compromise – A summary of attacks seen broken down by region, industry, data type attacked, and methods used at a high level.
- Threat Intelligence – A deeper dive into the methods used. Such as email attacks, web attacks, application attacks, and malware.
- State of Security – An overview of how attack types on applications, networks, and databases are evolving, and how protections are changing to counter the attacks.
The report provides essential data for anyone tasked with delivering an excellent application experience and protecting business systems and user data from unauthorized access. In this article, we give a summary of some of the critical findings from the threat intelligence section related to attacks on Web applications.
Web Application Attacks
Providing information and services via web applications is crucial for many businesses and other organizations. These web applications must be secured and available around the clock. As they are information-rich, web applications provide a tempting target for attackers. The diagram below shows the types of attacks that are commonly made against web applications according to the Trustwave data.
We won’t go into the specifics of these attack methods. See our OWASP Top 10 articles here on the Kemp blog as they cover these attack types in depth.
The Trustwave report also highlights an increasing number of attacks directed at, or emanating from, poorly secured IoT and other internet-connected devices. Moreover, it highlights that content management systems like WordPress and Joomla are frequent targets for attackers.
Defending with a Web Application Firewall
A Web Application Firewall (WAF) provides a critical defense for web applications from the common types of attacks. Kemp LoadMaster can run the industry-leading Kemp WAF to enhance inline security significantly for web applications. In addition to providing the core features such as advanced L4-7 content switching, SSL/TLS offloading, intelligent global traffic distribution, and much more, LoadMaster with Kemp WAF installed also provides continuous protection against web application vulnerabilities. Daily updates are provided by Trustwave so that Kemp WAF is always up to date and protected against emerging threats. Find full details of Kemp WAF.
Other Threats That Trustwave Highlighted
In addition to the comprehensive intelligence about web attacks, the 2018 Trustwave report also discusses other types of cyberattack. It is worth downloading the report so you can better prepare to protect your network from these other attacks. In summary, the other attack types covered are:
- Email-based attacks
- Exploits in software packages
- Zero-day vulnerabilities on common software systems
- Known vulnerabilities with security fixes in unpatched systems
- Cryptocurrency massed attacks
- Ransomware attacks
- Coin mining
- Drive-by on web pages
- Malware installation
Cyber defense is an ongoing core part of the modern multi-cloud business. It will remain so for the foreseeable future as the threat surface changes and expands. Kemp LoadMaster and 360 Central are perfect as part of a core IT deployment to help organizations off all sizes mitigate the threats from cybercriminals. The core LoadMaster features coupled with our Web Application Firewall and Edge Security Pack automatically protect against all the known risks, with ongoing updates to counter any emerging threats.