Cloudflare’s Application Security Report

Cloudflare’s Application Security Report

Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?

The exact figure reported- 6.8%- is a full percent up from last year. 

One of the biggest factors influencing this increase has been the amount of wars and elections going on. 2024 is a huge year for democracy, with around 97 countries voting on leaders from the United States and Russia to Bangladesh and Brazil. Additionally, tensions are up with conflicts between Israel and Palestine, as well as Congo and other countries. The political climate has huge impacts on cybersecurity as many hacker groups are politically motivated (such as Russian groups REvil and KillNet). 

New vulnerabilities are being exploited at faster rates than ever before, often less than one hour after a new software is pushed to production. Additionally, zero-day exploits are up even more than in 2023. 

“However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic.”

Cloudflare reports that they blocked over 4.5 million DDoS attacks in the first quarter of 2024 alone, which is more than a third of the attacks they’d blocked off last year. And not only is the volume of attacks increasing, but so is the sophistication.

The report also highlights the dire need for increased API security. With over 83% of all web traffic being API-related, now more than ever, APIs are becoming the preferred attack target for bad actors. The primary concern is that many organizations are unaware of all their API endpoints, which makes it impossible to catch all the vulnerabilities before exploitation. After all, if you can’t see it, you can’t secure it.

“Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations.”

Each of these connections has its own set of unique vulnerabilities that organizations need to address in order to stay on top of their API security.

Cloudflare also found out that a disturbingly high rate of the HTTP requests they are processing are automated bot traffic- as much as 38%. Although some bots can be harmless, up to 93% of them are potentially bad. 

Companies must take charge of their API security in an increasingly threat-filled environment. Today, an effective API security approach is multi-layered and begins at the application layer with full visibility into your API environment.

Take charge of your API security with FireTail today. To see how it works, schedule a demo here. Or to try it out yourself, sign up for our free tier here- you don’t even need a credit card.