Australia facing huge spike in WAF attacks

Attackers are redoubling their efforts to disrupt the Australian market with web application firewall (WAF) multi-vector and DDoS attacks, according to new research from Akamai.

Analysis of the Akamai Intelligent Edge Platform uncovered that there was a 100% increase in WAF attacks in the first quarter. This followed a massive spike in attacks in September and October of 2021.

In a blog post, Akamai Director of Security Technology and Strategy - APJ Dean Houari said the findings indicate that attackers are redoubling their efforts to disrupt the Australian market after a lull in November and December.

“Akamai can reveal that the Australian financial services sector has become a top target for web and API (application programming interface) attacks globally,” Houari said.

The top attack vectors are cross-site scripting and local file injection, he said, suggesting that attackers are trying to inject or execute malicious payloads to plant malware and potentially open the door for remote code execution attacks.

Significantly, Australia was the nation exposed to the most local file injection attacks, with more than 200 million during the analysis period. “This is significant because the United States has been the largest target for WAF attacks by a large margin as compared with other countries globally,” Houari said.

Meanwhile DDoS attack volumes soared to new heights during the period from late July to mid-November last year, with a number of large-volume, sustained attacks.

“In the first quarter of 2022, attackers turned their focus to more opportunistic attacks, targeting softer targets such as education and the public sector,” Houari said. “However, as with the WAF attacks, the respite will be short-lived and attackers will likely redouble their efforts toward large financial institutions. We saw a glimpse of that starting in late February 2022.”

DDoS attack activity peaked during the same period as the WAF attacks, he noted, indicating that the attacks are connected and as part of coordinated attacks by organised gangs.

Another trend identified as part of the analysis involves the increasing shift by cybercriminals to API-centric architectures, such as mobile apps, microservices, composable architectures and third-party integrations, Houari said.

“This trend is evident on the Akamai platform with API traffic composing 92% of web volumes. The issue with a shift to APIs is that it challenges conventional approaches to security and governance, making them a ripe target for attackers,” he said.

“We expect to see attacks continually increase over the course of 2022 that will impact organisations across all sectors, and organisations will need to find ways to mitigate such attacks by deploying API protections that can circumvent DDoS malicious injection, credential abuse, and API specification violations.”

Image credit: ©stock.adobe.com/au/momius