The Internet Security

Cloudflare Reports Almost 7% of Internet Traffic Is Malicious (zdnet.com)

In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script or connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

  • they are different companies

    • by ls671 ( 1122017 )

      Anyway, 7% seems like a pretty low ball park figure given that I monitor/update counter measures daily on several networks /s

      So yes, at least 7%. Maybe they just take into account traffic which goes through their services and malicious people don't attack those because they go for the low hanging fruits and know cloudflare is supposed to provide protection in the first place.

      • by Kisai ( 213879 )

        The question is, why are AS (Autonomous Systems) still allowing malicious traffic to be routed?

        We have databases of malicious IP spaces (some BEING cloudflare itself), why not just do what we've been doing with antivirus products and just load ip address block ranges in core routers. Make ISP's responsible for their own IP ranges when CPE (customer premises equipment) is detected as part of a malicious traffic load have the ISP notify the end user that their traffic will be aggressively managed should the m

        • I suspect it is sort of like the phone service. Prior to shake/stir, telco's were required to route all calls. I would be delighted if my cloud provider offered a service on my box to block suspected IP's. I end up doing it manually and it is a PIA.
  • by bloodhawk ( 813939 ) on Tuesday July 16, 2024 @07:11PM (#64631209)
    wonder how accurate they are given cloudflare are notorious for fronting some very dodgy shit that generates a lot of bad traffic.
    • wonder how accurate they are given cloudflare are notorious for fronting some very dodgy shit that generates a lot of bad traffic.

      And I hear that Cloudflare are notoriously slow at taking down their "front" for those dodgy sites once Cloudflare is "appropriately notified cuz they have to investigate the claim".

    • Which is ironic since the "cloudflare security check" is already shady enough.
  • by Big Hairy Gorilla ( 9839972 ) on Tuesday July 16, 2024 @07:21PM (#64631229)
    but it all comes down to the definition of malicious.
    If you read here much, you would get the impression that microsoft is malicious, just an example within easy reach. Tor? is that included? Torrenting? Porn? No that can't be included. That's just business. It's a pretty grey area, imo.

    I think a much larger portion of the web is quite hostile now regarding both untruthful representations (dark patterns) and collection of any and all data possible without legitimate requirement to do so.
    • It's the traffic incoming onto Cloudflare servers, that triggers their badness filters, and is therefore blocked (which is the point of Cloudflare's offer). According to TFA, DDoS attacks account for 37% of their "mitigated traffic", and a recent example peaked at 201 million requests per second. They assign the recent increase "to wars and elections".

    • by sjames ( 1099 )

      MS is just an example of sufficiently advanced incompetence being indistinguishable from malice. Tor, Torrenting, and Porn are not malicious traffic. They may (or may not) be traffic that is illegal in some places but not malicious.

      Malicious traffic is traffic intended to interfere with the operation of the network or machines on it. Yes, that means some of the attacks on Tor exit nodes and torrent and porn servers themselves count as malicious traffic. Botnet CandC and viruses are malicious traffic.

      • Sure. I appreciate your clarification.

        I am however suggesting that our service providers have become hostile to customer wants and needs.

        Microsoft is incompetent? I would agree.. but I think their recent feature additions and public statements interpreting "fair use" in their favour, to state they are more or less entitled to take everything on the web as data to ingest ... they've jumped the shark... to malicious. But as I've argued with others here, I'm not specifically picking on Microsoft, it's clear th
  • by FudRucker ( 866063 ) on Tuesday July 16, 2024 @07:38PM (#64631267)
    they are not going to put out a press release that makes their business model look unnecessary
  • by Anonymous Coward on Tuesday July 16, 2024 @07:46PM (#64631285)

    Or at least a giant honeypot threat.

    Cloudflare is the single largest man-in-the-middle on the internet. Their model requires that they be given SSL certs so they can decrypt traffic between the end user and thousands of websites. So the end-user sees a lock icon and thinks it is encrypted all the way to the website, but it is really only encrypted between the user and middle-man cloudflare who is seeing everything. After that, it may or may not be encrypted between CF and the website's servers.

    This undermines the entire premise of a secure connection between the end-user and the website. And don't even get me started with the crap CF does when it notices Tor and VPN connections.

    If a three-letter agency (or any other deep pockets) wanted to scoop up most website traffic they could not ask for a better resource than CF. I do not know if CF is actively selling this data goldmine but I would bet money that they are.

    CF is a menace, and the internet was a better place before it came along.

    • true however (Score:5, Insightful)

      by Anonymous Coward on Tuesday July 16, 2024 @08:03PM (#64631341)
      It's not unique to cloudflare - Akamai and Amazon and many other companies do the same thing. And in the old days websites would go down all the time, even Slashdot itself could bring down a website. Like it was pretty much expected to happen to any website linked by Slashdot unless the website was hosted by a major company. You're welcome to go naked these days but as soon as somebody doesn't like you they'll aim the DDOS cannon at your website and it will be gone. So basically because a bunch of people are assholes we can't have nice things anymore.
      • We could still have nice things, but it would mean taking down the pawns of the DDOS kings. And those pawns are usually some unlucky spectrum/uverse/cox/... customer. The blowback I imagine with disabling all those uneducated customers would be giant for the ISP's. But then the rest of us would have nice things again.
        • "We could still have nice things, but it would mean taking down the pawns of the DDOS kings. And those pawns are usually some unlucky spectrum/uverse/cox/... customer" The botmasters just replace the node that is Grandma's old e-Machines, and likely this is done automatically without intervention or knowledge of those botmasters. And their botnet spans many ISPs and many many unpatched machines. The plebs just can't win this one, and taking down huge swaths of users who will just go to a different service
          • I think you missed the obvious. Grandma's old e-machine would have its internet connection pulled by the ISP when it started sending spam, doing syn floods etc. She is a pawn just like someone who bought the latest greatest gaming machine. The gatekeepers are the ISP's. They could do even simple stuff like is this connection sending 10 syn's on weird ports every second? Is the machine ever following thru and making a full tcp connection? If it is, is the connection sending any data? If those are true, disab
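
The three questions in the comment above (a high SYN rate to unusual ports, whether a handshake is ever completed, whether any data is ever sent), applied per customer address. This is an added example, not part of the original thread; the event format, the list of common ports, the addresses and the flow events are all constructed assumptions.

```python
from collections import defaultdict

SYN_RATE_THRESHOLD = 10.0   # SYNs per second, the figure the comment mentions
# Assumed set of "not weird" destination ports; tune per network.
COMMON_PORTS = {25, 53, 80, 123, 443, 587, 993}

def flag_sources(events, window_seconds):
    """events: (src_ip, dst_port, kind, payload_bytes) tuples, where kind is
    'syn', 'established' (handshake completed) or 'data'. Hypothetical format."""
    stats = defaultdict(lambda: {"odd_syn": 0, "established": 0, "bytes": 0})
    for src, port, kind, nbytes in events:
        s = stats[src]
        if kind == "syn" and port not in COMMON_PORTS:
            s["odd_syn"] += 1
        elif kind == "established":
            s["established"] += 1
        elif kind == "data":
            s["bytes"] += nbytes
    flagged = {}
    for src, s in stats.items():
        if s["odd_syn"] / window_seconds < SYN_RATE_THRESHOLD:
            continue                      # question 1: not a high SYN rate
        if s["established"] == 0:
            flagged[src] = "syn-only"     # question 2: never completes a handshake
        elif s["bytes"] == 0:
            flagged[src] = "no-data"      # question 3: connects but sends nothing
    return flagged

def constructed_events():
    """Constructed 5-second sample using documentation addresses."""
    ev = [("198.51.100.7", 40000 + i, "syn", 0) for i in range(60)]
    for i in range(50):                   # connects everywhere, never sends data
        ev += [("198.51.100.8", 6000 + i, "syn", 0),
               ("198.51.100.8", 6000 + i, "established", 0)]
    for i in range(20):                   # ordinary HTTPS browsing
        ev += [("198.51.100.9", 443, "syn", 0),
               ("198.51.100.9", 443, "established", 0),
               ("198.51.100.9", 443, "data", 1500)]
    for i in range(55):                   # busy peer-to-peer client: odd ports, real data
        ev += [("198.51.100.10", 50000 + i, "syn", 0),
               ("198.51.100.10", 50000 + i, "established", 0),
               ("198.51.100.10", 50000 + i, "data", 1200)]
    return ev

if __name__ == "__main__":
    for src, reason in sorted(flag_sources(constructed_events(), 5).items()):
        print(src, reason)
```

The peer-to-peer client exceeds the SYN rate but is not flagged, which is why the handshake and data checks matter before an ISP acts on rate alone.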
  • by fahrbot-bot ( 874524 ) on Tuesday July 16, 2024 @08:05PM (#64631343)

    Almost 7% of Internet Traffic Is Malicious

    80% - Porn
    10% - Pet videos
    03% - Other

    To be honest, the porn percentage seems low. :-)

  • by battingly ( 5065477 ) on Tuesday July 16, 2024 @08:24PM (#64631373)
    If 6.8% is malicious, that leaves a maximum of 93.2% porn, which sounds suspiciously low.
  • It's getting to the point where one person, just one motivated asshole will be able to crash the internet, or at least large portions of it, at will.

  • Not malicious (Score:4, Insightful)

    by G00F ( 241765 ) on Tuesday July 16, 2024 @09:33PM (#64631439) Homepage

    Not malicious, but unfortunate users who can't pass endless amounts of captchas....

    VPN, Tor, or having secured web settings = prove you're not a bot hell

  • by El_Muerte_TDS ( 592157 ) on Tuesday July 16, 2024 @11:58PM (#64631613) Homepage

    So they don't count AI scrapers as malicious? The TOS and robots.txt of my sites deny AI scrapers, yet, they continue to visit them a lot.

  • 90% of the internet traffic is corporate surveillance, because Cloudflare is a very big part of it.

    Yet corporate surveillance is malicious - but not when you're a corporation like CloudFlare of course...

  • What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints.

    Unfortunately, that is totally believable. Everything in the cloud, everything "as a service". Pop up another service, skip running it by the internal security team (if there even is a security team), and done. Another public vulnerability.

    Also, it is far more interesting - both for marketing and for IT types - to put up the next service, instead of maintaining all the old ones.

  • The Security Report in the link goes to CrowdStrike and not Cloudflare. CrowdStrike's report doesn't contain the stats being referenced in the article. Pulled the correct link to the blog post and included it here. https://blog.cloudflare.com/ap... [cloudflare.com]
  • Does this include all the times Cloudflare decides I'm a bot because I'm using Firefox (on Linux or macOS! obviously suspicious) and it won't let me access a website?

  • sent out to make money off trump.
  • More than half the phone calls I've gotten this year have been spam, and probably fraudulent.
