• On the vulnerability front, the total number of Web application vulnerabilities actually decreased in 2016. This stat comes by way of Imperva researchers who last week reported their findings in a technical analysis of vulnerability trends for 2016. While that might get those with rose-colored glasses to proclaim progress in Web app security, researchers Nadav Avital and Mia Joskowicz believe that corresponding attack data shoots that down as unlikely. Instead, they believe that there's only so many security researchers out there in the wide world and right now, they've got other fish to fry.
  • Amichai Shulman, CTO Imperva, explained that, “This Yahoo breach and others before it teach us a couple of things: Attackers are still ahead of enterprises, even the larger companies when it comes to covering their tracks. The alleged breaches were only detected once the leaked information surfaced on the web; and time is still a factor.” 
  • Security firm Imperva has analyzed web application vulnerability trends in 2016 and determined that while some types of flaws have declined, others have become more common. Data collected by the company shows that the total number of vulnerabilities found over the past two years has increased, but the number of flaws affecting web applications has actually dropped.
  • Web security firm Imperva was hit by a 650Gbps (Gigabit per second) distributed denial of service (DDoS) attack at the end of 2016, the largest ever recorded on its network. The Leet botnet attack, which occurred just four days before Christmas, targeted several anycasted IPs on the Imperva Incapsula network over two waves, both of which were effectively defended against.
  • Just 10 days before the end of 2016, researchers from Imperva uncovered a massive 650Gbps DDoS attack generated by a new internet of things (IoT) botnet, dubbed “Leet” after a character string in the payload. It’s the first that can rival Mirai. “Attacks that combine the use of small and large payloads have become increasingly common since we first reported them in the spread their odds by trying to both clog network pipes and bring down network switches,” researchers said in an analysis.
  • With the Mirai source code open sourced and its effectiveness proven, more people looking for a quick buck are getting into it. With more players in the market, the price will go down. Pros will start modifying the Mirai and other code bases and it will evolve. In fact, Imperva has already detected a new 650Gbps botnet cannonwhose signature differs from Mirai.