Top Website Vulnerabilities In Q1 2020
2020 hasn’t had the most ideal start. Moreover, things started taking a downturn as the first quarter commenced, thanks to the deadly outbreak of the coronavirus pandemic. And perhaps, that could be the only reason why most of the renowned publication houses in the world reported about the vulnerability of web application security.
Cyber-attacks have been on the rise amidst the fear and panic of the pandemic all around the world. In fact, according to the Economic Times, India has registered a 37% increase in cyberattacks in the Q1 of 2020 compared to Q4 of 2019.
If you delve a little deeper into the topic pertaining to the web application firewall, Kaspersky Security Network, a globally renowned online security provider, reported that as many as 52,820,874 cyber threats had come up in the first quarter in India.
Why has there been an increase in cyberattacks in the first quarter of 2020?
It isn’t very difficult to ascertain the reason behind the surge in the number of web application firewall breaches around the world. It all boils down to the COVID-19 situation and home quarantine of every employee around the world and both the people and many more new applications that were launched to enable communications/collaborations while being remote became an easier target.
Work from home meant there was an increase in the number of audio and video conferencing applications. In fact, according to Info-Security, a web-based magazine, Zoom teleconferencing app recorded a whopping 600,000 accounts being opened in a single week.
All the sectors around the world witnessed major scares during the first quarter. So, while it is important for us to develop a strong cybersecurity network despite the spike in the number of threats, we also need to learn more about the most common vulnerabilities.
The major crypto-exchange scare
According to a report made on Infosecurity, Altsbit, an Italian crypto exchange suffered a massive scare. Hackers were reported to have made off with 1066 KMD (Komodo) tokens and 283,375 VRSC (Verus) coins. The combined value of these was estimated to be $27,000.
The company even made a statement that almost all the funds from ETH, BTC, VRSC, and ARRR were stolen except for a very small portion which was stored in a cold wallet. These wallets have a private key and are stored offline, which resulted in them being safe.
The Twitter API Malfunction
Back in February 2020, Twitter, a very popular social media app, was open to vulnerabilities as well. As per a report, there was a massive abuse of a Twitter API that disclosed the phone numbers of users.
This specific malware hack was intended for new users. The social media site has an option that enables new users to be found by people who already have their phone numbers. According to Twitter, a large volume of requests were coming for countries, like Malaysia, Israel, and Iran. The vulnerability was soon taken care of by the platform.
Remote working trend
The prevailing COVID-19 brought about a new operation strategy among businesses around the world. To begin with, a lot of companies are looking to implement the work-from-home operation permanently as it brings the cost down and also increases efficiency.
However, this has a downside too. With the increase in the number of WFH employees, the number of unsecured connections on the network will increase. This eventually makes a lot of official and confidential data of the companies in a vulnerable state. However, the long term impact might not be negative as better security will be devised.
Data breaches and phishing
The prevention of data breaches and phishing is one of the main tasks of web application security solutions. Plus, the world knows that these threats won’t disappear any time soon. And since the transactions and interactions over the internet have increased rapidly in the first quarter of 2020, almost everything on the network is exposed to cyberattacks.
Data breaches, brute force logins, personal data thefts, etc., have all been on the rise even on social media too. In fact, brute force login attempts have been extremely high among reports.
Vulnerabilities of IoMT
IoMT, or the Internet of Medical Things, has been growing since the last decade or so. However, according to a report from Cyber Security Intelligence, a UK-based international online magazine, these medical equipment have a higher vulnerability towards cyber threats.
Insulin pumps, defibrillators, pacemakers, and heart and glucose monitors are all categorized under the IoMT. And though the vulnerabilities are increasing by the day, the health sector has been quite proactive in coming up with a solution to the growing concerns.
Attacks on supply chain
2020 was believed to be the best year for the digitization of the supply chain. However, the truth has been far away as cyberattacks have become more intelligent. Supply chains were supposed to be leveraged to maximize efficiency and cost-effectiveness with IoT, automation, supply chains, big data management, etc.
However, the growing dependency on internet connection and cloud services meant the vulnerabilities would shoot up. And very rightly so, cyberattackers have been keen on disrupting the building supply chain over the cloud.
The internet of things is become mainstream and becoming ubiquitous. Look around and you will realize that you are surrounded by smart devices everywhere. However, as companies push towards bringing out smarter IoT devices for connected living, the vulnerabilities are on the rise too.
A lot of IoT devices aren’t as secure as they are smart. Smart wearables, fitness trackers, smart speakers, security surveillance cameras are also made to simplify human life. However, these are operated under an unsecured internet network, which opens the gate towards greater chances of falling prey to web application firewall breaches.
And this is not just an assumption. The number of vulnerabilities in this sector has been on a constant rise in the first quarter of 2020.
Ransomware during Coronavirus
A ransomware scare is the deadliest of its kind. In 2019, such ransomware attacks had taken major industries under its arms and 2020 has been no different. The first quarter of 2020 has seen an increase in the use of personal data over unsecured networks, which exposes sensitive data.
And even worse, cyberattackers aren’t encrypting the data personal data anymore. Instead, they demand to sell the data if not compensated.
According to a lot of industry specialists, the rollout of 5G has been a little ahead of time, especially when you consider the equivalent security. With the rollout of the high-speed data processing connection at a rapid pace in the United States of America, more people are being exposed to the risk of the impact of a faulty web application scanner over the network.
And the real bad news comes from the fact that the rollout has been so very rapid that no such steps can be taken on a macro level.
Artificial Intelligence and Machine Learning
Artificial intelligence and machine learning is the future. Plus, the security of the big data (the food for AI and machine learning) stored on the cloud is quite apt too. However, what has been worrisome is the fact that a lot of new security threats have cropped up during this worldwide pandemic.
The offensive side of AI has been growing at a rapid pace, but not much could be said about the defensive side. But again, the condition has not been as bad as it is for other fields as AI itself is a great weapon to fight against malware.
Let’s know a little more about Web Application Security
Now, after having been through the most common vulnerabilities in web application security around the world, let’s take a look at the most common cyber threat treads that the world is up for in 2020. These have been reported by Norton, a global player in security solutions.
- Synthetic identities
Just like the name suggests, synthetic identities are derived with a mix of real and fake credentials. Hackers use such technology to create a real-like person and illusion.
- Social media disinformation
Fake news is on a growing trend and a lot of the security service providers are working hard towards devising ways to curb this. Fake news or wrong information news being circulated on social media hasn’t been as prevalent as it has been in the first quarter of 2020, thanks to the global pandemic.
- Automobile cyber attacks
Believe it or not, the inclusion of automobiles in the IoT has added to the vulnerabilities. Though Apple CarPlay and Android Auto make it easier for us to connect smartphones to the car, the vulnerabilities towards cyber-attacks have increased.
Data and Application security have been the need of the decade, especially with the increased adoption of IoT, AI, and Machine Learning from Big Data, medical equipment. However, the current pandemic has managed to hamper the stable growth and divert it towards more applications and data being exposed in an urgent manner to counter pandemic situations of working remotely and hence more vulnerable. As we progress we need to look at how to ensure there is the agility to react to unknowns without compromising on security.
And yes, the impact will continue to be grave until the web application security solutions don’t come up with a fool-proof technology for unsecured data connectivity. Though Foolproof solutions is a utopian end goal, one may want to look at managed service solutions and partnerships with experts so that at least the organization is one step ahead of the attackers when it comes to protecting their digital assets even when they are acting in crisis.