Cloudflare Reports Almost 7% of Internet Traffic Is Malicious (zdnet.com) 34
In its latest State of Application Security Report, Cloudflare says 6.8% of traffic on the internet is malicious, "up a percentage point from last year's study," writes ZDNet's Steven Vaughan-Nichols. "Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan." From the report: [...] Distributed Denial of Service (DDoS) attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third of all the DDoS attacks they mitigated the previous year. But it's not just about the sheer volume of DDoS attacks. The sophistication of these attacks is increasing, too. Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS). That number is three times bigger than any previously observed attack.
The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don't have a tight grip on their internet services or website APIs can't possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should -- each script or connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.
Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.
confused cloudflare vs crowdstrike (Score:2)
they are different companies
Re: (Score:2)
Anyway, 7% seems like a pretty low ball park figure given that I monitor/update countermeasures daily on several networks /s
So yes, at least 7%. Maybe they just take into account traffic which goes through their services and malicious people don't attack those because they go for the low hanging fruits and know Cloudflare is supposed to provide protection in the first place.
Re: (Score:2)
The question is, why are AS (Autonomous Systems) still allowing malicious traffic to be routed?
We have databases of malicious IP spaces (some BEING Cloudflare itself), why not just do what we've been doing with antivirus products and just load IP address block ranges in core routers. Make ISPs responsible for their own IP ranges when CPE (customer premises equipment) is detected as part of a malicious traffic load have the ISP notify the end user that their traffic will be aggressively managed should the m
Re: (Score:2)
interesting (Score:3)
Re: (Score:2)
wonder how accurate they are given Cloudflare are notorious for fronting some very dodgy shit that generates a lot of bad traffic.
And I hear that Cloudflare are notoriously slow at taking down their "front" for those dodgy sites once Cloudflare is "appropriately notified cuz they have to investigate the claim".
Re: (Score:1)
surprised it's that low (Score:3)
If you read here much, you would get the impression that Microsoft is malicious, just an example within easy reach. Tor? is that included? Torrenting? Porn? No that can't be included. That's just business. It's a pretty grey area, imo.
I think a much larger portion of the web is quite hostile now regarding both untruthful representations (dark patterns) and collection of any and all data possible without legitimate requirement to do so.
Re: (Score:3)
It's the traffic incoming onto Cloudflare servers, that triggers their badness filters, and is therefore blocked (which is the point of Cloudflare's offer). According to TFA, DDoS attacks account for 37% of their "mitigated traffic", and a recent example peaked at 201 million requests per second. They assign the recent increase "to wars and elections".
Re: (Score:2)
MS is just an example of sufficiently advanced incompetence being indistinguishable from malice. Tor, Torrenting, and Porn are not malicious traffic. They may (or may not) be traffic that is illegal in some places but not malicious.
Malicious traffic is traffic intended to interfere with the operation of the network or machines on it. Yes, that means some of the attacks on Tor exit nodes and torrent and porn servers themselves count as malicious traffic. Botnet C&C and viruses are malicious traffic.
Re: (Score:2)
I am however suggesting that our service providers have become hostile to customer wants and needs.
Microsoft is incompetent? I would agree.. but I think their recent feature additions and public statements interpreting "fair use" in their favour, to state they are more or less entitled to take everything on the web as data to ingest
as a security company (Score:5, Insightful)
Cloudflare is malicious. (Score:5, Insightful)
Or at least a giant honeypot threat.
Cloudflare is the single largest man-in-the-middle on the internet. Their model requires that they be given SSL certs so they can decrypt traffic between the end user and thousands of websites. So the end-user sees a lock icon and thinks it is encrypted all the way to the website, but it is really only encrypted between the user and middle-man cloudflare who is seeing everything. After that, it may or may not be encrypted between CF and the website's servers.
This undermines the entire premise of a secure connection between the end-user and the website. And don't even get me started with the crap CF does when it notices Tor and VPN connections.
If a three-letter agency (or any other deep pockets) wanted to scoop up most website traffic they could not ask for a better resource than CF. I do not know if CF is actively selling this data goldmine but I would bet money that they are.
CF is a menace, and the internet was a better place before it came along.
true however (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
In related news ... (Score:3)
Almost 7% of Internet Traffic Is Malicious
80% - Porn
10% - Pet videos
03% - Other
To be honest, the porn percentage seems low. :-)
Re: (Score:2)
And the rest is porn (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
One person (Score:2)
It's getting to the point where one person, just one motivated asshole will be able to crash the internet, or at least large portions of it, at will.
Not malicious (Score:4, Insightful)
Not malicious, but unfortunate users who can't pass endless amounts of CAPTCHAs....
VPN, Tor, or having secured web settings = prove you're not a bot hell
AI scrapers (Score:3)
So they don't count AI scrapers as malicious? The TOS and robots.txt of my sites deny AI scrapers, yet, they continue to visit them a lot.
Re: (Score:2)
What they don't report is (Score:2)
90% of the internet traffic is corporate surveillance, because Cloudflare is a very big part of it.
Yet corporate surveillance is malicious - but not when you're a corporation like CloudFlare of course...
API danger... (Score:2)
What's worrying is that many organizations appear not to be even aware of a quarter of their API endpoints.
Unfortunately, that is totally believable. Everything in the cloud, everything "as a service". Pop up another service, skip running it by the internal security team (if there even is a security team), and done. Another public vulnerability.
Also, it is far more interesting - both for marketing and for IT types - to put up the next service, instead of maintaining all the old ones.
Incorrect link (Score:1)
False positives? (Score:2)
Does this include all the times Cloudflare decides I'm a bot because I'm using Firefox (on Linux or macOS! obviously suspicious) and it won't let me access a website?
and that's just the stuff (Score:2)
Sounds pretty good (Score:2)
More than half the phone calls I've gotten this year have been spam, and probably fraudulent.