Cyberattacks have surged in the past year due to global instability and election cycles. WAF and bot mitigations now account for over half of all mitigated internet traffic, while DDoS remains the primary attack vector.
Exploits are rapidly weaponized, with some leveraging vulnerabilities within minutes of public disclosure. Automated traffic accounts for a third of internet activity, with most originating from malicious sources. API traffic has grown to 60% of total traffic, and a quarter of API endpoints remain unidentified.
Enterprise websites embed an average of 47 third-party services, increasing the attack surface. Daily cyber threats blocked rose 86.6% year-over-year to 209 billion in Q1 2024.
Global HTTP traffic mitigation increased from 6% to 6.8% between Q2 2023 and Q1 2024, with peak mitigation reaching 12% during major attacks. This represents a substantial rise in application layer and L7 DDoS attacks compared to the previous year, indicating a more aggressive threat landscape.
Cloudflare’s WAF and bot mitigation features are highly effective, blocking over half of malicious traffic. By leveraging signals like WAF Attack Score and Bot Score, customers are enhancing security through custom WAF rules.
Following WAF and bot mitigations, HTTP DDoS rules are the primary defense against volumetric attacks, while IP reputation based on IP threat scores and basic IP/country access controls contribute significantly to overall traffic mitigation.
Attackers rapidly exploit disclosed CVEs, often within minutes of proof-of-concept release, as evidenced by the 22-minute exploitation of JetBrains TeamCity CVE-2024-27198, which, coupled with a 15% increase in disclosed CVEs in 2023, highlights the urgent need for accelerated defense mechanisms.
Cloudflare observed increased scanning, command injection, and exploitation attempts targeting specific vulnerabilities, such as CVEs in Apache, ColdFusion, and MobileIron.
DDoS attacks remain the predominant threat to web applications, accounting for 37.1% of mitigated application traffic. HTTP DDoS attacks surged 93% year-over-year and 51% quarter-over-quarter in Q1 2024.
The 466% increase in DDoS attacks on Sweden following NATO membership is an example of how attack motives can range from monetary gain to political agendas.
The HTTP/2 Rapid Reset DDoS attack, which takes advantage of a zero-day vulnerability, reached a record-breaking 201 million requests per second, highlighting how serious the attack is becoming. Gaming, gambling, and internet technology companies are the main targets.
Detection systems reveal that bot traffic constitutes 31.2% of all application traffic, with 93% of it identified as unverified and potentially malicious bots. While some bots are beneficial, like search engine crawlers, others are harmful, such as those involved in inventory hoarding and DDoS attacks.
Industries like consumer goods face significant financial losses due to bot-driven abuse. API traffic is rapidly growing: 60% of dynamic traffic is API-related, and a quarter of APIs are “shadow APIs” that lack proper inventory and security.
Enterprise applications rely heavily on third-party scripts, averaging 47 per application and connecting to nearly 50 third-party destinations, introducing significant client-side security risks.