[August 2025 Web Attack Trend Analysis] 1. Weekly Web Attack Trend Analysis By analyzing weekly web attack trends, it is possible to identify specific periods when web attacks were concentrated. Based on this, the findings can be used to establish proactive prevention and response strategies for periods with frequent attacks. The graph below visualizes the number of web attacks detected by AIWAF on a weekly basis during August 2025. An analysis of the data detected by AIWAF during August 2025 revealed that an average of over 350,000 web attacks were detected per day. This figure represents a noticeable upward trend compared to the previous month, demonstrating that threats targeting web servers continue to evolve in sophistication. In addition, the frequency of attacks was higher on weekends (Saturday and Sunday) compared to weekdays, which can be interpreted as a strategic approach that exploits the reduced usage of web servers during non-business hours. In particular, August 2 recorded the highest concentration of web attacks during the entire period, with SQL Injection accounting for the largest share among the detected attack types on that day. SQL Injection is a representative attack technique used to manipulate databases in order to steal system privileges or leak internal information. Attackers typically employ this method to bypass authentication procedures or to analyze database structures. Due to these characteristics, special attention is required to protect sensitive corporate information. In fact, within AIWAF, SQL Injection is classified as a high-risk attack type with the largest number of detection patterns configured. These findings highlight the need for continuous vigilance and precise response strategies against major web attack types, including SQL Injection. They also serve as an important reference for the establishment of future detection and prevention policies. 2. Web Attack Trends by Attack Type By analyzing web attack trends by attack type based on detection logs, it is possible to systematically identify which types of attacks occurred most frequently during the month. Such analysis goes beyond simple statistics and serves as a key foundation for developing organizational security policies and concretizing response frameworks. An analysis of detection logs collected by AIWAF during August 2025 revealed that various types of web attacks were detected. Among them, some attack types showed distinct patterns, such as concentrated occurrences during specific periods or accounting for a significant proportion of the total number of attacks. In particular, classic yet still highly threatening attack types such as SQL Injection and System File Access ranked among the top. These attacks are typically carried out repeatedly, mainly through automated attack tools or botnets. The graph below visualizes the distribution of web attack types detected by AIWAF in August 2025. According to the statistics of web attack types detected by AIWAF during August 2025, SQL Injection accounted for 37.29% of total detections, the highest proportion. This was followed by System File Access (14.65%), Default Page (13.65%), and App Weak (10.58%). These results indicate the need for more precise countermeasures and proactive preventive actions for specific attack types. First, SQL Injection is a highly critical attack type that consistently ranks near the top of the OWASP Top 10, and its techniques continue to evolve in diverse ways. This attack typically occurs when values supplied via user input are incorporated directly into SQL queries and executed. Attackers exploit this to perform abnormal authentication bypass, enumerate database structures, and steal sensitive data. Systems that use dynamic queries or lack sufficient input validation are particularly vulnerable to such attacks. The second most prevalent type, System File Access (14.65%), refers to attempts by attackers to exploit vulnerabilities in web applications to gain unauthorized access to internal system files and directories or manipulate arbitrary files. These attacks can result from web server misconfigurations, insufficient access controls, or failures in directory path validation. If successful, they may lead to privilege escalation or the installation of backdoors. The third type, Default Page (13.65%), targets pages left with default settings after installation or system message pages. Such pages often expose information that reveals the type and configuration state of the system software during the reconnaissance phase, which can then be leveraged for subsequent attacks. Although generally passive in nature, this attack type is often widely scanned using automated tools, making early detection and response essential. The fourth type, App Weakness (10.58%), exploits inherent security flaws in applications such as weak authentication, session management vulnerabilities, or configuration errors. Notably, there has been an increase in cases detected as authentication bypass attempts and API abuse within cloud-based SaaS systems and API-driven services. Such trends may significantly influence the development of future cloud security policies. The Web Attack Trend Report provides the latest web vulnerability analyses, industry-specific attack patterns, and key CVE-based vulnerability information, all based on processed data from the Read more about [2025.08] Web Attack Trend Report[…]
