In its latest Application Security Report, Cloudflare highlights a troubling trend: nearly 7% of internet traffic is now considered malicious. This represents a notable increase from the previous year and underscores the growing challenges in maintaining secure online environments.
Over the last year, geopolitical uncertainties and active election cycles worldwide have led to an uptick in malicious internet activity. Cloudflare’s analysis reveals that the mitigated traffic across its network now averages 7%, with web application firewalls (WAF) and bot mitigations making up more than half of this total. Notably, DDoS attacks remain the most prevalent threat against web applications.
Cloudflare reports that about one-third of all internet traffic is automated, and 93% of this bot traffic is potentially malicious. These unverified bots often engage in harmful activities such as hoarding inventory, launching DDoS attacks, or attempting account takeovers through brute force or credential stuffing.
The report also sheds light on the increasing prevalence of API traffic, which now accounts for 60% of all internet traffic. Up to a quarter of the API endpoints that organizations use remain unaccounted for, highlighting significant blind spots in many companies’ security postures. These “shadow APIs” can pose substantial risks if not adequately inventoried and secured.
Cloudflare’s infrastructure, which processes an average of 57 million HTTP requests per second, has seen a notable rise in cyber threats. In the first quarter of 2024 alone, the company blocked an average of 209 billion cyber threats daily, marking an 86.6% increase compared to last year. This sharp rise indicates that attackers are becoming more sophisticated and persistent.
Client-side security is another focal point of the report, especially given the proliferation of third-party integrations in web applications. On average, enterprise websites integrate 47 third-party scripts, which can introduce vulnerabilities. The report emphasizes the importance of monitoring these scripts, as attackers can exploit them for data exfiltration or other malicious activities. One example is Polyfill.io, which was sold to new owners who then tried to inject a supply chain attack; Polyfill was used on over 110,000 active sites at the time of disclosure.
The speed at which attackers exploit disclosed vulnerabilities, or CVEs (Common Vulnerabilities and Exposures), is also concerning. In some cases, Cloudflare observed exploitation attempts just 22 minutes after the proof-of-concept code was published.
The report also highlights the impact of DDoS attacks on different sectors. For instance, Cloudflare observed a 466% increase in DDoS attacks on Sweden following its acceptance into NATO. Such politically motivated attacks demonstrate the varied motives behind DDoS campaigns, ranging from financial gains to political statements.
To address these security challenges, Cloudflare continues to innovate and offer solutions that enhance protection for its users. AIndependence, a tool to block AI bots, and Turnstile, a user-friendly alternative to CAPTCHA, are recent examples of such efforts. These tools aim to preserve a safe internet environment by accurately differentiating between human and automated traffic.