
Irish Information Security Forum

Web Application Firewall Analysis Report

Source: Vercara

 

Vercara offers a cloud-based Web Application Firewall (WAF) service, named UltraWAF™, to its customers. It is a full reverse HTTP and HTTPS proxy that sits in front of web applications and protects them from attacks such as SQL Injection and Cross-Site Scripting. It also protects against harmful bots and scrapers.

 

This report is a summary of Web Application attacks detected and mitigated by UltraWAF for the month of October 2024. It is a recurring report highlighting monthly trends observed by the platform and analysts.

 

In October 2024, Vercara’s UltraWAF platform processed over 595 million web requests, reflecting a slight decrease from the month prior. Of those requests, approximately 16.97% (over 101 thousand) were identified as malicious, with another 2.28% (over 13 thousand) being bot traffic. One of the most notable trends was a 3,100% increase in the XML WSI Error Body Environment Namespace category, an indicator of potential XML structure issues that could be exploited for attacks such as XML injection, Denial-of-Service (DoS), WAF bypass or XML External Entity (XXE) attacks.

 

The most common attack category observed was the Cookie category, accounting for around 44% of all malicious activity. There was no change in the top three targeted industries, with Travel/Hospitality still number one at around 41% of all attacks.

 

Highlighted attack payloads revealed multiple CVEs being exploited. Notable examples include a command injection vulnerability in TP-Link Archer routers (CVE-2023-1389), which allowed for remote code execution via unsanitized input. Another example was reconnaissance activity targeting InfluxDB instances (CVE-2022-36640) to extract server diagnostics and performance data. An Apache Solr vulnerability (CVE-2023-50292) allowed attackers to gather core configuration information for potential follow-up attacks.

 

Additionally, PHP web applications were targeted with Local File Inclusion exploits (CVE-2023-4113), using pearcmd to inject code for further malicious actions, and Remote File Inclusion (CVE-2024-4577) exploits, leveraging misconfigured PHP on Windows servers for unauthorized code execution.

 

Stats at a glance.

  • Total Web Requests: 595,641,952
  • Total WAF Violations: 101,116,451 (a 26.61% increase compared to September 2024)
  • Total Bot Violations: 13,611,935
  • Largest Threat Category: Cookie (44.09%)
  • Top Three Industries Targeted: Travel/Hospitality (41.27%), Technology/Security (35.72%), Financial (18.32%)
  • Top Three Source Countries: Great Britain (42.77%), The United States (39.67%) and South Africa (1.35%)

 

Download

Web App Firewall Analysis Vercara October 2024
