The current mix of new technologies, geopolitical tensions and social conflicts is increasingly exacerbating the digital threat situation. The findings from the latest cybersecurity report by German IT security company Myra Security illustrate the dynamics in this space.
The digital challenges for companies, organizations and public institutions continue to increase. An analysis of the defense data collected in the latest Myra Cybersecurity Report shows that the number of malicious requests on websites, online portals and APIs increased by 53.2 percent in the first half of 2024 compared to the same period last year. These malicious traffic flows include DDoS attacks, database attacks and manipulation attempts, as well as common attack methods such as cross-site scripting, SQL injection, credential stuffing, brute force, spam and more.
Professionalization of attackers and economic consequences
In addition to the increasing professionalization of cybercriminals, the reasons for the significant rise in malicious requests on the internet are the increased use of cybercrime-as-a-service platforms and freely available attack tools such as DDoSia. The latter is made available by followers of the cyber group NoName057(16) via Telegram messenger. Once installed, the client computer acts as part of a botnet to carry out DDoS attacks. A look at the data from the Myra Security Operations Center shows just how devastating the power of DDoSia is: In June, the defense systems defended against a 17-hour DDoS attack on the digital processes of a German company in critical infrastructure. The attack typically took place over several waves and led to a hundredfold increase in access volume.
The economic impact of such attacks is immense. Globally, costs of around 8.5 trillion euros are expected in 2024 – a sum that corresponds to around half of the European Union’s gross domestic product in 2023.
New attack techniques focus on digital Achilles’ heels
The emergence of new attack techniques such as the “HTTP/2 Continuation Flood” also presents IT security managers with new challenges. Compared to conventional HTTP/2 multiplexing attacks, this can achieve 55 times the number of malicious requests. In principle, this means that a single endpoint is sufficient as an attack tool to overload a web server.
Overall, companies are facing growing difficulties, particularly when it comes to defending against attacks on web applications. The increasing technical complexity of these systems makes them attractive targets for cyber criminals and at the same time makes their effective defense more difficult.
Outlook and need for action
“The figures in our new Cybersecurity Report show that the threat situation is continuing to worsen instead of becoming less dangerous,” explains Christof Klaus, Head of Global Network Defense at Myra Security. “Cyber attacks are no longer an exception, but a constant. This is the new normal. Only those who remain capable of doing business despite constant attacks are truly resilient – and can always make the best possible decisions based on data and in real time.”
Legislators and supervisory authorities are therefore equally called upon to create appropriate frameworks to make society more resilient to cyber risks. Only with a joint effort by business, politics and society can the growing challenge in the area of cyber security be met efficiently. The development of the threat situation so far this year once again underlines the urgency of making this issue a top priority.