STOCK TITAN
  1. Home
  2. News
  3. FSLY

New Fastly Threat Research Reveals 91% of Cyberattacks Targeted Multiple Organizations Using Mass Scanning to Uncover and Exploit Vulnerabilities

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Neutral)
Tags
Rhea-AI Summary

Fastly's latest Threat Insights Report reveals alarming trends in cybersecurity. Key findings include:

1. 91% of cyberattacks targeted multiple organizations using mass scanning techniques, up from 69% in 2023.

2. Bots comprise 36% of global internet traffic.

3. Increased usage of out-of-band domains to exploit WordPress Plugin vulnerabilities.

4. 49% of malicious IP addresses were active for just one day, with an average duration of 3.5 days.

5. High Tech remains the top targeted industry (37%), followed by Media & Entertainment (21%) and Financial Services (17%).

The report emphasizes the importance of adaptive security controls and proactive threat anticipation.

Il Rapporto sulle Minacce di Fastly rivela tendenze allarmanti nella cybersecurity. I risultati chiave includono:

1. Il 91% degli attacchi informatici ha preso di mira più organizzazioni utilizzando tecniche di scansione di massa, in aumento rispetto al 69% nel 2023.

2. I bot rappresentano il 36% del traffico internet globale.

3. Maggiore utilizzo di domeni fuori banda per sfruttare le vulnerabilità dei plugin di WordPress.

4. Il 49% degli indirizzi IP dannosi è stato attivo per solo un giorno, con una durata media di 3,5 giorni.

5. High Tech rimane il settore più colpito (37%), seguito da Media e Intrattenimento (21%) e Servizi Finanziari (17%).

Il rapporto sottolinea l'importanza di controlli di sicurezza adattivi e dell'anticipazione proattiva delle minacce.

El Informe de Amenazas de Fastly revela tendencias alarmantes en ciberseguridad. Los hallazgos clave incluyen:

1. El 91% de los ciberataques se dirigieron a múltiples organizaciones utilizando técnicas de escaneo masivo, un aumento del 69% en 2023.

2. Los bots constituyen el 36% del tráfico en internet global.

3. Aumento en el uso de dominios fuera de banda para explotar vulnerabilidades de plugins de WordPress.

4. El 49% de las direcciones IP maliciosas estuvo activa durante solo un día, con una duración promedio de 3,5 días.

5. Alta Tecnología sigue siendo la industria más atacada (37%), seguida de Medios y Entretenimiento (21%) y Servicios Financieros (17%).

El informe enfatiza la importancia de controles de seguridad adaptativos y de la anticipación proactiva de amenazas.

Fastly의 위협 통찰 보고서는 사이버 보안에서 경악스러운 추세를 드러냅니다. 주요 발견 사항은 다음과 같습니다:

1. 91%의 사이버 공격이 대량 스캔 기법을 사용하여 여러 조직을 표적 삼았으며, 이는 2023년의 69%에서 증가한 수치입니다.

2. 봇은 전 세계 인터넷 트래픽의 36%를 차지하고 있습니다.

3. WordPress 플러그인 취약점을 악용하기 위해 대역 외 도메인 사용이 증가하고 있습니다.

4. 49%의 악성 IP 주소가 단 하루만 활성화되었으며, 평균 지속 기간은 3.5일입니다.

5. 하이테크 산업이 여전히 가장 많이 공격받는 분야(37%)이며, 뒤이어 미디어 및 엔터테인먼트(21%)와 금융 서비스(17%)가 있습니다.

이 보고서는 적응형 보안 통제 및 능동적인 위협 예측의 중요성을 강조합니다.

Le Rapport sur les Menaces de Fastly révèle des tendances alarmantes en matière de cybersécurité. Les principales conclusions incluent :

1. 91 % des cyberattaques ont visé plusieurs organisations en utilisant des techniques de balayage de masse, en hausse par rapport à 69 % en 2023.

2. Les bots représentent 36 % du trafic internet mondial.

3. Augmentation de l'utilisation des domaines hors bande pour exploiter les vulnérabilités des plugins WordPress.

4. 49 % des adresses IP malveillantes ont été actives pendant seulement un jour, avec une durée moyenne de 3,5 jours.

5. High Tech reste le secteur le plus ciblé (37 %), suivi par les médias et divertissements (21 %) et les services financiers (17 %).

Le rapport souligne l'importance des contrôles de sécurité adaptatifs et de l'anticipation proactive des menaces.

Der Bedrohungsbericht von Fastly zeigt alarmierende Trends in der Cybersicherheit auf. Zu den wichtigsten Ergebnissen gehören:

1. 91 % der Cyberangriffe richteten sich gegen mehrere Organisationen mithilfe von Massenscan-Techniken, ein Anstieg von 69 % im Jahr 2023.

2. Bots machen 36% des globalen Internetverkehrs aus.

3. Zunehmende Nutzung von Out-of-Band-Domains zur Ausnutzung von WordPress-Plugin-Schwachstellen.

4. 49 % der bösartigen IP-Adressen waren nur einen Tag lang aktiv, mit einer durchschnittlichen Dauer von 3,5 Tagen.

5. High Tech bleibt die am stärksten angegriffene Branche (37 %), gefolgt von Medien und Unterhaltung (21 %) und Finanzdienstleistungen (17 %).

Der Bericht betont die Wichtigkeit adaptiver Sicherheitskontrollen und proaktiver Bedrohungsantizipation.

Positive
  • Fastly's Next-Gen WAF protects over 90,000 apps and APIs
  • Fastly's WAF inspects ~5.5 trillion requests per month
  • Fastly provides valuable threat intelligence through its Network Learning Exchange (NLX)
Negative
  • 91% of cyberattacks targeted multiple organizations, up from 69% in 2023
  • 36% of global internet traffic is attributed to bots
  • Increase in usage of out-of-band domains to exploit WordPress Plugin vulnerabilities
  • 49% of malicious IP addresses were active for just one day, making detection difficult

Insights

The surge in mass scanning attacks, targeting 91% of customers (up from 69% last year), signals a significant shift in cybercriminal tactics. This widespread approach increases the odds of finding vulnerabilities across multiple organizations, amplifying the potential impact of each attack. The prevalence of short-lived IP addresses (49% lasting just one day) indicates sophisticated evasion techniques, challenging traditional security measures.

The rise in out-of-band domain usage for WordPress plugin exploits is particularly concerning, as it allows attackers to inject malicious content and install backdoors stealthily. With bots comprising 36% of internet traffic, organizations must bolster their bot management strategies to differentiate between legitimate and malicious automated activities.

The report highlights the tech sector's continued vulnerability, accounting for 37% of attacks. While this represents a slight decrease from last year's 46%, it underscores the persistent targeting of high-value tech assets. The media & entertainment (21%) and financial services (17%) sectors are also prime targets, indicating a diverse threat landscape.

The increase in mass scanning techniques suggests that attackers are casting wider nets, potentially impacting a broader range of companies across these sectors. This trend necessitates a more collaborative approach to cybersecurity, where threat intelligence sharing becomes important for collective defense against evolving attack methodologies.

The findings underscore the need for a paradigm shift in cybersecurity risk management. With 91% of attacks targeting multiple organizations, companies can no longer rely solely on their own defenses. The interconnected nature of modern cyber threats demands a more collaborative, ecosystem-wide approach to risk mitigation.

The short lifespan of malicious IP addresses (3.5 days on average) emphasizes the importance of real-time threat intelligence and adaptive security controls. Organizations must invest in dynamic defense mechanisms capable of responding to rapidly changing threat vectors. Additionally, the prevalence of bot traffic (36%) necessitates sophisticated bot management strategies to protect against automated threats without impeding legitimate traffic.

Additional findings show unwanted bots, short-lived IP addresses and out-of-band domains used by adversaries to commit cybercrime and avoid detection

SAN FRANCISCO--(BUSINESS WIRE)-- Fastly, Inc. (NYSE: FSLY), a leader in global edge cloud platforms, today released the “Fastly Threat Insights Report,” which found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. This new report provides the latest attack trends and techniques across the web application and API security landscape.

The Fastly Threat Insights Report builds on the 2023 “Fastly Network Effect Threat Report,” and is based on data collected April 11 to June 30, 2024 from Fastly’s Network Learning Exchange (NLX), the collective threat intelligence feed for Fastly’s Next-Gen WAF, and Out-of-Band (OOB) Domains as well as traffic signaled by Fastly Bot Management from April 1 to June 30, 2024. Fastly’s Next-Gen WAF protects over 90,000 apps and APIs1 and inspects ~5.5 trillion requests per month2 across some of the world’s largest e-commerce, streaming, media and entertainment, financial services, and technology companies.

Among the report’s key findings:

  • Adversaries performing mass scanning: 91% of attacks originating from NLX sources targeted multiple customers; 19% targeted over 100 different customers. This is a significant increase from Q2 2023 insights, where 69% of NLX sources targeted multiple customers.
  • Bots comprise more than one-third of Internet traffic: A significant amount of global internet traffic is attributed to requests generated by automation tools; approximately 36% of traffic originated from bots, while the remaining 64% came from human users.
  • Dramatic increase in usage of out-of-band domains to actively exploit three WordPress Plugin CVEs (CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000). Seven out-of-band domains were used to inject malicious content, install backdoors, and track infected applications.
  • Short-lived IP addresses help attackers evade detection: 49% of IP addresses added to NLX were listed for just one day, with the average duration being 3.5 days. Attackers use IPs for a short period to avoid detection, highlighting the importance of adaptive security controls that can mitigate varied threats.
  • High Tech remains top industry targeted, accounting for 37% of attacks, although slightly down from last year at 46%. Other top industries for 2024 include Media & Entertainment (21%) and Financial Services (17%).

“By performing mass scanning, attackers increase the likelihood of discovering vulnerable systems. The more targets scanned, the higher the probability of finding at least one exploitable weakness,” said Fastly Staff Security Researcher Simran Khalsa. “It’s not enough to respond to attacks. We must anticipate them, continuously adapt, and stay one step ahead. Based on trillions of requests across our global customer base, this new report provides an overview of the current threat landscape and actionable insights for security teams to help protect their valuable assets.”

To read the complete report, visit https://learn.fastly.com/security-threat-insights-report.

About Fastly, Inc.

Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver online experiences that are fast, safe, and engaging through edge compute, delivery, security, and observability offerings that improve site performance, enhance security, and empower innovation at global scale. Compared to other providers, Fastly’s powerful, high-performance, and modern platform architecture empowers developers to deliver secure websites and apps with rapid time-to-market and demonstrated, industry-leading cost savings. Organizations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Neiman Marcus, Universal Music Group, and SeatGeek. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.

____________________

1 As of March 2022.
2 Trailing 6-month average as of August 1, 2024.

Source: Fastly, Inc.

Media Contact

Spring Harris

press@fastly.com

Investor Contact

Vernon Essi, Jr.

ir@fastly.com

Source: Fastly, Inc.

FAQ

What percentage of cyberattacks targeted multiple organizations according to Fastly's 2024 report?

According to Fastly's 2024 Threat Insights Report, 91% of cyberattacks targeted multiple organizations using mass scanning techniques, up from 69% in 2023.

How much of global internet traffic is attributed to bots in Fastly's 2024 report?

Fastly's 2024 report reveals that approximately 36% of global internet traffic is attributed to bots, while the remaining 64% comes from human users.

What is the average duration of malicious IP addresses according to Fastly's 2024 report?

Fastly's 2024 Threat Insights Report shows that the average duration of malicious IP addresses is 3.5 days, with 49% being active for just one day.

Which industry remains the top target for cyberattacks according to Fastly's 2024 report?

According to Fastly's 2024 report, the High Tech industry remains the top target for cyberattacks, accounting for 37% of attacks, although slightly down from 46% last year.

Stock FSLY logo
Fastly, Inc.

NYSE:FSLY

FSLY Rankings

#2233 Ranked by Market Cap
N/A Ranked by Dividends

FSLY Latest News

Dec 16, 2024
Fastly AI Accelerator Helps Developers Unleash the Power of Generative AI
Dec 2, 2024
Fastly Announces Issuance of 7.75% Convertible Senior Notes due 2028 and Repurchases of a Portion of its Existing 0.00% Convertible Senior Notes due 2026
Nov 19, 2024
Long Road to Recovery: Fastly Research Reveals Businesses Taking 25% Longer to Recover From Cybersecurity Incidents Than Expected
Nov 18, 2024
Fastly Named a Leader in IDC MarketScape for Worldwide Edge Delivery Services 2024
Nov 6, 2024
Fastly Announces Third Quarter 2024 Financial Results

FSLY Stock Data

1.44B
130.39M
7.15%
72.2%
7.27%
Software - Application
Services-prepackaged Software
Link
United States of America
SAN FRANCISCO