Fastly report shows 91% of cyberattacks target multiple firms
Fastly has released its latest Fastly Threat Insights Report, revealing that 91% of cyberattacks in the past quarter targeted multiple customers. This marks a significant rise from 69% in 2023. The findings underscore a worrying trend of attackers employing mass scanning techniques to uncover and exploit software vulnerabilities across a broader range of targets.
The report is based on data collected between April and June 2024 through Fastly's Network Learning Exchange (NLX), with inputs from Fastly's Next-Gen Web Application Firewall (WAF) and traffic flagged by Fastly Bot Management. The NLX provides a collective threat intelligence feed, crucial for understanding emerging threats.
According to the report, mass scanning is increasingly used by adversaries. "91% of attacks originating from NLX sources targeted multiple customers; 19% targeted over 100 different customers," the report indicated. This is a substantial increase from Q2 2023, when 69% of attacks used this tactic. Such scanning significantly raises the probability of identifying at least one vulnerable system among the targets.
Simran Khalsa, a Staff Security Researcher at Fastly, commented on the findings: "By performing mass scanning, attackers increase the likelihood of discovering vulnerable systems. The more targets scanned, the higher the probability of finding at least one exploitable weakness. It's not enough to respond to attacks. We must anticipate them, continuously adapt, and stay one step ahead."
An additional finding highlighted the prevalence of bot traffic on the internet. The report estimated that 36% of global internet traffic is generated by automation tools, leaving 64% coming from human users. This indicates a substantial activity level by non-human actors online.
Another critical insight was the dramatic rise in the use of out-of-band domains to exploit vulnerabilities in WordPress plugins. Specific vulnerabilities (CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000) were actively targeted using seven out-of-band domains to inject malicious content, install backdoors, and track infected applications.
The report also noted the use of short-lived IP addresses by attackers. It found that 49% of the IP addresses flagged by NLX were listed for just one day, with an average duration of 3.5 days. This practice allows attackers to evade detection, emphasising the need for adaptive security measures capable of addressing such transient threats.
The report further identified the high technology sector as the most targeted industry, accounting for 37% of attacks, although this has decreased from 46% last year. Other heavily targeted industries in 2024 include Media & Entertainment (21%) and Financial Services (17%).
"Based on trillions of requests across our global customer base, this new report provides an overview of the current threat landscape and actionable insights for security teams to help protect their valuable assets," said Khalsa.