Web Threat Mitigation Strategies 2025 for Websites and Networks

May 2025
by Lim May-Ann

Since the dot-com boom of the 1990s, a company’s online presence has increasingly become its primary storefront, communication channel, and operational hub. Website security is therefore no longer just an IT concern – it is a core business function and the gateway to a company’s other digital assets, and protecting it is paramount to business continuity and trust. Because so much value sits behind these gateways, the cyber threats targeting them grow ever more sophisticated and relentless.

Organisations cannot afford to ignore these evolving dangers – financial loss, destruction of and damage to online assets, erosion of trust in the company and sustained reputational damage are all on the line.

What are some of today’s website and network threats? One of the most visible is the Distributed Denial of Service (DDoS) attack. These were once simple floods of traffic that stopped servers from delivering data by overwhelming them with requests; modern DDoS attacks, however, have evolved and now use sophisticated techniques that not only exhaust network bandwidth but also target specific application layers. For example, the scale of volumetric attacks – attacks that swamp a server with millions of requests – has increased exponentially.

  • In Jan 2025, there was a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia.

In addition to volumetric attacks there are application-layer attacks. These use trusted Application-Layer Protocol Negotiation (ALPN) over Transport Layer Security (TLS) to embed malicious activity within legitimate network traffic, making detection by traditional security measures challenging.

  • For example, the WezRat malware piggybacks on HTTPS for encrypted communication, hiding malicious commands within legitimate web traffic. This ensures that security tools relying on plain-text inspection fail to detect the threat. In Dec 2023, WezRat compromised a US-based IPTV streaming company to broadcast messages about the Israel-HAMAS conflict.

Like application-layer attacks, web application vulnerabilities remain a persistent and critical threat. The OWASP Top 10 list consistently highlights common pitfalls such as SQL Injection, Cross-Site Scripting (XSS), and Broken Access Control. These flaws, often introduced during development or through misconfigured systems, allow attackers to steal sensitive data, deface websites, or gain unauthorized access to backend systems.

Another web-based threat comes from malicious bot traffic. While some bots are beneficial (search engine crawlers, for example, help search engines find and index your website faster and more accurately), an increasing number of bots are malicious. These automated programs fuel activities like credential stuffing, where login details stolen in other breaches are automatically tested against your website, leading to account takeovers. Artificial Intelligence (AI) tools are also accelerating these bot-based threats, which extend to web scraping for competitive intelligence, ad fraud, and content theft, directly impacting revenue, data integrity, and competitive advantage.

Finally, Domain Name System (DNS) spoofing and cache poisoning attacks can redirect your users to malicious look-alike sites, even if they type the correct URL. If a company’s DNS infrastructure is targeted by a DDoS attack, its website effectively vanishes from the internet, regardless of the web server’s operational status.

  • One example is the MaginotDNS attack, profiled at Black Hat 2023, which targets Conditional DNS (CDNS) resolvers and can compromise entire top-level domains (TLDs), causing the resolver to direct users who enter a domain to incorrect IP addresses and potentially leading them to malicious websites without their knowledge.

Companies must recognize that their online presence is not just a digital brochure but a critical asset demanding robust, continuous protection.
Here are some recommendations for companies to strengthen the protection of their online presence:

  1. Implement a Multi-Layered Security Strategy: A single firewall is no longer sufficient. Companies must deploy a comprehensive defence-in-depth approach. This includes a robust Web Application Firewall (WAF) to protect against application-layer attacks, a Content Delivery Network (CDN) with integrated DDoS protection to absorb volumetric attacks at the edge, and endpoint security solutions for user devices. Each layer acts as a barrier, increasing the complexity and cost for attackers.
  2. Embrace a Zero Trust Architecture: Shift to a “never trust, always verify” model, in which no user, device, or application is assumed to be inherently trustworthy, even within your network. Implement granular, specific access controls based on identity and context, require multi-factor authentication for all access, and segment your network into smaller, isolated zones (micro-segmentation). This significantly limits an attacker’s lateral movement if they manage to breach one segment – so that, for example, a breach of your website cannot reach or impact the company’s other digital assets.
  3. Leverage Advanced Bot Management Solutions To Identify and Plug Vulnerabilities: Distinguishing between legitimate and malicious bots is paramount. Implement specialized bot management platforms that use behavioural analysis, machine learning, and threat intelligence to identify and mitigate sophisticated automated attacks like credential stuffing, scraping, and ad fraud, without disrupting legitimate user traffic. This protects your data, preserves your online reputation, and safeguards your revenue streams.
  4. Develop Proactive Cybersecurity, and Develop and Practice a Robust Incident Response Plan: Besides conducting regular security audits, penetration tests and vulnerability scans of your digital infrastructure, frequent patch reminders for the organisation are critical, ensuring that all software, frameworks, and plugins are kept up to date. Also understand that, despite best efforts, breaches can occur. Having a well-defined and regularly practised incident response plan is crucial for minimizing damage and accelerating recovery. This plan should clearly define roles and responsibilities, communication protocols (internal and external), steps for containment, eradication and recovery, and a post-incident analysis process to learn and improve. Regular drills ensure that your team can execute the plan effectively under pressure.
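Detection logic for the credential-stuffing pattern described in the bot-traffic paragraph above and targeted by the behavioural analysis in recommendation 3, written as an added example for this article and not code from the author or any named product. It assumes a constructed authentication log format (timestamp, ip=, user=, result=) and flags a source address that fails logins against many distinct accounts within a short window, the signature that a single user mistyping one password never produces.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real system): one source cycles through accounts, another retries one.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2025-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2025-05-01T10:00:02Z ip=203.0.113.7 user=carol result=FAIL
2025-05-01T10:00:03Z ip=203.0.113.7 user=dave result=FAIL
2025-05-01T10:00:04Z ip=203.0.113.7 user=erin result=FAIL
2025-05-01T10:00:05Z ip=203.0.113.7 user=frank result=OK
2025-05-01T10:00:10Z ip=198.51.100.4 user=alice result=FAIL
2025-05-01T10:00:40Z ip=198.51.100.4 user=alice result=FAIL
2025-05-01T10:01:20Z ip=198.51.100.4 user=alice result=OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse(log_text):
    """Yield (timestamp, ip, user, result) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["ip"], m["user"], m["result"]

def detect_credential_stuffing(log_text, window=timedelta(seconds=60), min_users=5):
    """Flag sources that fail logins for >= min_users DISTINCT accounts inside `window`.
    Returns {ip: {"attempted": [...], "succeeded": [...]}}; "succeeded" lists accounts
    that logged in OK from a flagged source, i.e. probable account takeovers."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, ip, user, result in parse(log_text):
        if result == "FAIL":
            fails[ip].append((ts, user))
        else:
            oks[ip].add(user)
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):  # sliding time window over this source's failures
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = {"attempted": sorted(users), "succeeded": sorted(oks[ip])}
                break
    return flagged
```

A real deployment would feed this the WAF or identity provider's authentication events and tune `window` and `min_users` to the site's normal login rate; the retrying user at 198.51.100.4 shows why the check counts distinct accounts rather than raw failures.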

The digital landscape will continue to evolve, bringing new threats and challenges. By embracing these recommendations, companies can cultivate a resilient online presence, protecting their assets, preserving customer trust, and ensuring their continued success in an increasingly interconnected world.

Image source: https://morguefile.com/p/23181