"Many organisations still do not have sanitised coding practices and this leaves them vulnerable. It's been around for 15 years and it's still a big problem."
According to the report, the retail sector was the hardest hit by web application attacks, followed by the media and entertainment, hotel and travel sectors.
There were eight incidents described as 'mega-attacks' in Q1, each exceeding 100 Gbps. The firm said such large attacks were rarely seen a year ago. The largest attack it observed this year peaked at 170 Gbps.
A vast majority of attacks observed came from China. Ellis explained that the sheer volume of internet users, coupled with low levels of security, made China attractive to DDoS attackers.
"You just need to look at the numbers. China has around 1.4 billion people; of those, 640 million are online and well over 50 per cent of the desktops are infected with malware," he said.
"For a cyber criminal, this is fantastic because there is all this infrastructure that can be exploited to build out an attack infrastructure.
"A lot of cybercriminals are building out these botnets, putting a nice facade on them and offering legitimate stress testing services. All this is effectively doing is passing on the target information to the bots that they control.
"China does not have extradition treaties with many countries, so it is difficult for organisations like Interpol to apprehend criminals based in China," he said.