China Internet Security Report 2021: API threat soared by more than 200%, and the security risk of software supply chain increased

【TechWeb】7 month 14 Daily news , recently , Wangsu technology and several generations of consulting were released in Beijing 《2021 China Internet Security Report 》（ Hereinafter referred to as 《 The report 》）.《 The report 》 Show ,2021 In, the network security situation became more serious , Application layer attacks continue to occur at a high rate ,API Attacks are particularly explosive , achieve 2020 Year of 3.13 times . meanwhile , The ways of network attack tend to be diversified , The number of attack sources from abroad has increased significantly .

《 The report 》 call , With the increasing dependence of enterprises on open source software , The impact of open source software vulnerabilities is gradually far-reaching , The protection method of combination boxing has become a trend to deal with the security risks of software supply chain . Besides ,《 The report 》 mention , Enterprises are accelerating the transformation to a new generation of network security model zero trust architecture , This will drive the higher-order concept of zero trust SASE The needs of .

Cyber attacks continue to occur at a high rate ,API Attack growth exceeds 200%

According to the 《 The report 》,2021 year DDoS The number of attacks increased by about 60%,DDoS The maximum attack bandwidth reaches 774.58Gbps, Compare with 2020 The peak of the year 612.67Gpbs, The scale breaks through again . The game is still suffering DDoS The most attacked industries , More than half of them .

Web Application attacks continue to multiply ,2021 The annual volume reaches 229.83 100 million times , Year-on-year growth 141.30%. among , near 50% Of Web The attacks focus on software information services and the financial industry . From attack IP Geographical location analysis found , From abroad Web Application attack IP It soared year-on-year 357.16%,《 The report 》 Speculation may be related to the increasingly tense geopolitical situation .

Malicious crawler attack , According to the monitoring of the network host security platform ,2021 The annual average occurs every second 2688 Malicious crawler attack , The annual attack volume is 2020 Year of 2.36 times . From the perspective of industry , As the negative impact of the epidemic on transportation is gradually eliminated , Ticket grabbing reptiles recover , The amount of malicious reptile attacks suffered by the transportation industry ranges from 2020 The sixth place in the year returned to the top three .

It is worth noting that , Enterprises are open API More and more , The risks will increase ,API Security threats have entered a period of outbreak . According to the 《 The report 》,2021 Year for API Business attacks reach 147.98 100 million times , Year-on-year growth exceeding 200%, Among them, retail 、 The financial industry has become the hardest hit area with its deepest digitalization , Nearly 70% of the two are concentrated API attack . in addition , Although malicious crawlers are still the main way to attack , But its proportion has decreased , in the light of API The types of attack methods of business tend to be diversified as a whole .

Vice president of Wangsu Technology 、 LV Shibiao, chief safety officer, pointed out ,API As the core channel to connect services and transmit data , Demand is growing significantly , But now API There is a mismatch between protection capability and demand , The mainstream rule-based application vulnerability attack protection has been difficult to deal with . meanwhile ,API The use of is closely related to data security ,《 Data security law 》、《 Personal information protection law 》 Successive releases of , Make it a legal obligation for enterprises to protect data security , Under this situation, the industry urgently needs to strengthen the comprehensive prevention and control system .

Regarding this , Nethome security laboratory suggests that enterprises adopt the method of automatic discovery API、 testing API Access behavior , Support API Advanced of life cycle management API Protective products , And on this basis to WAAP（ cloud Web Applications and API Protect ） Project evolution .

The concealment of host threats has increased , Software supply chain security needs a combination of fists

《 The report 》 Yes 2021 Analysis of host intrusion events in found , Attackers targeting the host used hidden processes on a large scale （ Detection rate 59%）、 Camouflage malicious scheduled tasks （ Detection rate 78%）、Rootkit Technology , To avoid abnormal behavior detection , This means that the concealment of host security threats has increased , It will put forward higher requirements for the host intrusion detection capability .

Besides , According to the monitoring of the network host security platform , from Apache Log4j2 Intrusion events caused by remote code execution vulnerabilities account for nearly half of the total host security intrusion events .

LV Shibiao pointed out that ,“Log4j2 Big shock caused by security vulnerabilities , It reflects that the security risk of software supply chain is intensifying . in fact , With the acceleration of global industrial digitalization , Enterprises are increasingly dependent on open source software , Any relatively low-level open source component has a vulnerability , Will cause ‘ Attack one point , Hurt one ’ The broad impact of .” 

《 The report 》 I think combination boxing is the trend of protection . Specific strategies , Nethome Security Lab suggests that asset discovery 、 Vulnerability detection 、Web Apply virtual patches and other means provided by protection products , At the initial stage of vulnerability exposure, intercept the exploitation of the vulnerability , Software component analysis can be used in the application development stage （SCA） technology , Avoid using sick online .

Last 《 The report 》 The observed , More and more enterprises have begun to use zero trust network access ZTNA replace VPN, With mobile office 、 Hybrid clouds accelerate the melting of network boundaries , Enterprise integration of security functions 、 The integration of strategy and control has become a trend ,SASE As the best solution , Demand will grow .

SASE The key technologies of include SD-WAN、 Firewalls are services (FWaaS)、 Cloud access security agent (CASB)、 Security Web gateway (SWG)、 And zero trust network access (ZTNA).Gartner forecast , To 2024 year ,30% Of enterprises will adopt cloud delivery SWG、CASB、ZTNA and FWaaS function ,2020 This proportion is less than 5%.

“SASE It represents the industry direction , Can it be complete 、 Mature support for the above key functions will be the key to manufacturers' competition . Network hosting security is based on resources 、 technology 、 Advantages in service , Yes SASE It's already laid out , In recent years, continuous evolution ‘3+X’ Ability , Including deepening the network 、 Security 、 Edge computing power , And accelerate the construction of an open platform .” Lu Shibiao said .

according to the understanding of , this 《 The report 》 For the sixth consecutive year of nethome Technology . Nethome technology is committed to helping the public gain insight into the security situation , At the same time, always focus on the research of cutting-edge security technology , At present, network hosting security has been formed to cover data security 、 Host security 、 Container safety 、 Business security 、 Application security and network and access security 、 Zero trust security 、 Safety acceleration integration scheme, etc 10 Categories: 50 Safety capability .