Web application attacks on UK businesses have soared by over 250% since October 2019, driving a surge in data breaches, according to Imperva.
The security vendor analyzed nearly 4.7 million web application-related cybersecurity incidents over the period to find that attacks are increasing, on average, by 22% each quarter.
This is likely to be fuelling a vast increase in data breaches. Remote code execution (RCE) and remote file inclusion (RFI) attacks, often used to steal information and hijack websites, surged by 271% over the two years.
In fact, previous research from Imperva Research Labs found that half (50%) of all data breaches begin with web applications. The research estimated that around 20 billion compromised records would stem from web app attacks this year.
More concerning still is that recorded web app attacks increased by 68% from Q2 to Q3 2021, as threat actors sought to flood underground sites with stolen data ahead of the Christmas shopping period.
Fraudsters often use busy shopping times to disguise their activity, as retailers sometimes relax their checks to process larger sales volumes.
“The pandemic placed immense urgency on businesses to get all kinds of digital transformation projects live as quickly as possible, and that is almost certainly a driving factor behind this surge in attacks,” said Peter Klimek, director of technology at Imperva.
“The changing nature of application development itself is also hugely significant. Developments like the rapid proliferation of APIs and the shift to cloud-native computing is beneficial from a DevOps standpoint, but for security teams, these changes in application architecture and the accompanying increased attack surface is making their jobs much harder.”
According to official figures, fraud costs UK businesses and consumers an estimated £1.3bn in the first half of 2021, a three-fold year-on-year increase.