Cloudflare highlights issues in enterprise security with new vulnerabilities and DDoS attacks.

Cloudflare, Inc. (NYSE: NET), a leading cloud connectivity company, has released its annual report “State of Application Security 2024.” The report reveals the challenges that businesses face when implementing outdated security strategies in a context of increasing online threats.

Key Findings of the Report

Increasing DDoS Attacks: The report highlights a significant increase in the frequency and magnitude of distributed denial-of-service (DDoS) attacks. This attack vector is the most commonly used against web applications and APIs, representing 37.1% of the traffic mitigated by Cloudflare. Industries most affected include gaming and gambling, IT, cryptocurrencies, computer software, and marketing.

Rapid Exploitation of Zero-Day Vulnerabilities: Cloudflare has observed that new zero-day vulnerabilities are exploited at record speed, with exploitation recorded just 22 minutes after the publication of their proof of concept (PoC). This rapid exploitation underscores the need for a more agile response from security teams.

Proliferation of Malicious Bots: One-third of web traffic comes from bots, and of these, 93% are unverified and potentially malicious. Industries most affected by bots include manufactured goods, cryptocurrencies, network security, and the U.S. federal government.

Outdated Security Strategies for APIs: Companies continue to use traditional web application firewall (WAF) rules that follow a negative security model, assuming that the majority of web traffic is benign. However, few companies adopt more effective security practices based on a positive security model.

Risks in Software Supply Chain: The use of third-party software presents a growing risk. Companies use an average of 47.1 pieces of third-party code and establish around 49.6 outbound connections to these resources, exposing their supply chains to potential threats and compliance issues.

Cloudflare’s Comments

“Web applications were never built with security in mind. However, we use them daily for all kinds of critical functions, making them an ideal target for hackers,” said Matthew Prince, co-founder and CEO of Cloudflare. “Cloudflare’s network blocks an average of 209 billion cyber threats for our customers every day. The security layer surrounding current applications has become one of the most essential pieces to ensure that the Internet remains secure.”

Report Methodology

The report is based on aggregated traffic patterns detected by Cloudflare between April 1, 2023, and March 31, 2024, across its global network. Data and threat information were complemented with third-party sources. Cloudflare mitigated 6.8% of web application and API traffic during this period, classifying mitigated traffic as dangerous.

Additional Resources

For more information, interested parties can consult the “State of Application Security 2024 Report” on the official website or obtain a PDF copy.

About Cloudflare

Cloudflare, Inc. is a leader in cloud connectivity, with the mission of helping create a better Internet service. The company helps organizations worldwide increase speed and improve security for their employees, applications, and networks, reducing complexity and costs. Cloudflare blocks billions of online threats every day, providing a unified platform of cloud-native products and developer tools. Millions of organizations trust Cloudflare, from large brands and small businesses to non-profit organizations and governments.
