"Web Application Attacks Grow Reliant on Automated Tools"

A new report released by Barracuda Networks researchers shares findings from two months of attack data analysis. The findings reveal that cybercriminals have grown more reliant on the use of automated tools to perform their attacks. According to the report, the top five threat types dominated by attacks involving the use of automated tools include fuzzing attacks, injection attacks, fake bots, application Distributed Denial-of-Service (DDoS), and blocked bots. There are two types of attackers who use bots to exploit vulnerabilities in the performance of automated attacks. Most activity comes from attackers that deploy automated attacks at scale rather than target a specific website. The group with a smaller amount of traffic uses automated tools for attacks targeting e-commerce websites and other sites that can generate profit for them. The researchers pointed out that these threats could be manifested through fake bots posing as Google bots to circumvent detection mechanisms or app DDoS attacks attempting to disrupt a website by covertly overloading a web app. Researchers say that most attack traffic stems from fuzzing or reconnaissance tools used to examine apps for security flaws. When performing injection attacks, most attackers have used tools such as sqlmap to break into apps. Many of these injection attacks were script kiddie-level noise, meaning the attacks were launched against an application without reconnaissance to customize the attacks. This article continues to discuss cybercriminals' growing dependence on automated tools as well as researchers' observations surrounding the most common types of automated attacks. 

Dark Reading reports "Web Application Attacks Grow Reliant on Automated Tools"