It’s been another chaotic year in cybersecurity, as protecting web applications and stopping sensitive data breaches remain top-of-mind issues and continue to generate headline news.
As 2021 comes to a close, cybersecurity and all the industries it serves is dealing with an unprecedented zero-day vulnerability in the form of CVE-2021-44228 – just 12 months after the Sunburst attack that made global news. While there were many topics that garnered attention this year, here are five that you should follow into 2022.
5. Bad Bot Report 2021: The Pandemic of the Internet
Why bad bots deserve your attention
In 2020, a record-breaking quarter of all internet traffic originated from bad bots, and the malicious traffic they create has wreaked havoc across multiple industries. The Bad Bot Report 2021 revealed that 57.1 percent of this traffic came from Advanced Persistent Bots (APBs). These bots often avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities, and mimicking human behavior and they are plaguing websites like never before. Bad bots have remained very troublesome this holiday season – check out Imperva CEO Pam Murphy explaining the scope of the problem on CBS News.
Where to get help
Imperva Advanced Bot Protection (ABP) protects eCommerce platforms from bad bots like Grinchbots that abuse business logic and make it nearly impossible for human customers to buy. ABP protects your real eCommerce traffic without any dropoff in website performance, ensuring an optimal customer experience and business continuity. Advanced Bot Protection can mitigate all OWASP automated threats including scalping, account takeover, web scraping and more.
4. How to Stop DDoS Attacks on Online Gamers
Why DDoS attacks on gaming deserve your attention
Gamers are high-value targets for cyber attackers; their high-spec machines alone are a valuable resource for cryptocurrency miners, not to mention attacks on players, platforms and studios. Anyone can launch a DoS/DDoS attack on individual gamers or entire networks, without programming knowledge. “DDoS as a Service” attacks can be rented online for as little as $10, complete with technical support. And if the bad guys can do it to a Fortnite World Cup team, they can do it to you, too.
Where to get help
Gaming platform or not, if you are interested in protecting your infrastructure from attack, you can learn more here about how Imperva can keep your players safe on the digital landscape. If you’re an ISP, you can find out more about protecting against network take-downs by DDoS and bad bots here.
3. Why Data Security and Privacy in the Digital Age are Crucial
Why data privacy deserves your attention
For many years, people have trusted organizations like banks and healthcare to handle their most sensitive personal and financial information. Today, in a highly-connected and digitized world, the routes to accessing that data have multiplied, making it much more vulnerable to a breach. A data breach can have catastrophic consequences in any industry, but they are particularly disastrous for enterprises that have built their customer base on trust. With so many tech newcomers waiting to take their customers, a publicly-announced data breach could erode that trust enough to create serious financial fallout for an organization.
Where to get help
Imperva Data Privacy reaches down into the intelligence layer and cuts through the massive quantities of raw data to make it easier and less costly to discover, classify, and analyze sensitive data. You can automatically probe your organization’s data for specific types of sensitive data and trigger appropriate action when required. Armed with this functionality, organizations can automate subject right request responses, delete sensitive personal data on-demand, and prove regulation compliance to auditors. You can start for free today.
2. Software Supply Chain Attacks: From Formjacking to Third Party Code Changes
Why software supply chain attacks deserve your attention
Today, vulnerabilities are being introduced in even the most rigorous software development lifecycle. And as we know, traditional application scanning tools are failing to identify every vulnerability. As your organization becomes more dependent on third-party software components and your applications and APIs are exposed to additional risk exposure, you’ll need proactive controls to mitigate the impact of these new supply chain attack vectors.
Where to get help
For supply chain attacks aimed at establishing a foothold and moving laterally across your network, you need a fast and easy way to mitigate risks with a positive security model that analyzes an application’s behavior. By identifying all expected activity, you easily expose high-risk and suspicious behavior. Imperva’s Runtime Application Self-Protection (RASP) uses a lightweight security plug-in to clearly analyze activity within the application to block unwanted actions, such as a third-party library suddenly establishing a network connection to an external site for C2. RASP protects applications, runtime, servers, open-source dependencies, and third-party libraries. Imperva RASP deploys in minutes by easily snapping into an application without requiring any code changes, and it requires no ongoing signature updates. Learn more.
1 How Imperva Is Protecting Customers & Staying Ahead of CVE-2021-44228
Why CVE-2021-44228 deserves your attention
This zero-day vulnerability has only been with us for a couple of weeks, but it’s taking up a lot of air, and with good reason. CVE-2021-44228 allows for unauthenticated remote code execution and is having a big impact on all organizations running Java workloads. Security teams are scrambling to immediately patch their software and upgrade third-party components to meet SLAs. Initial attack peaks reached roughly 280K/hour and as with other CVEs in its class, we expect to see this number grow, especially as new variants are created and discovered over the coming days and weeks.
Where to get help
Implementing Runtime Application Self-Protection (RASP) provides a broader defense-in-depth strategy for enterprises to protect their applications and APIs. Some Imperva customers, including from the eCommerce and Telecom industries, have been able to save thousands of hours in emergency patching and speed up the secure software development lifecycle. Customers that have RASP deployed across their Java applications are protected from RCEs related to CVE-2021-44228.
Try Imperva for Free
Protect your business for 30 days on Imperva.