A new report from Cloudflare reveals that DDoS attacks are increasing in frequency, and web applications and APIs are significant vulnerabilities that security teams struggle to manage.
According to the “State of Application Security 2024” report, the volume of threats from software supply chain issues, rising DDoS attacks, and malicious bots often exceed the resources of dedicated application security teams. Based on data observed from April 1, 2023, to March 31, 2024, Cloudflare highlighted key findings:
- DDoS attacks continue to rise, comprising 37.1% of all application traffic mitigated by Cloudflare. The most targeted industries include gaming, IT and internet, cryptocurrency, computer software, and marketing.
- There is an accelerating race between defenders and attackers, with new zero-day vulnerabilities being exploited within 22 minutes of their proof-of-concept (PoC) publication.
- Bad bots account for 31.2% of all traffic, with 93% being unverified and potentially malicious. Top targeted industries include manufacturing, cryptocurrency, security, and the US federal government.
- Organizations are using outdated approaches to secure APIs, relying on traditional web application firewall (WAF) rules that assume most web traffic is benign.
Insights reveal record-breaking time-to-exploit of new zero-day vulnerability, the largest DDoS attack in the history of the Internet, and increasing supply chain threats. At the same time, organizations struggle with outdated security approaches, https://t.co/02EN4xVNzE
— Everistus 🇳🇬🇨🇦 (@bytenaija) June 25, 2024
Cloudflare emphasized that the attack surface for web applications and APIs is expanding, driven by the increasing reliance on these technologies for everyday activities. This problem is exacerbated by the pressure on developers to rapidly deliver new features, leaving applications vulnerable to exploitation.
During the data collection period, Cloudflare mitigated 6.8% of all web application traffic, defining mitigated traffic as any that is blocked or challenged. Notable incidents included politically motivated DDoS attacks by the Anonymous Sudan group against various global targets.
New @Cloudflare Report Shows Organizations Struggle with Outdated Security Approaches, While Online Threats Increase – https://t.co/NdwkjhZ8rc
— Matthew Policastro (@mpolicastro) June 25, 2024
Matthew Prince, Cloudflare’s co-founder and CEO, stated, “Web applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers.”
This report underscores the urgent need for organizations to update their security practices to better protect against evolving threats.
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
