Cloudflare published statistics on the nature of the traffic it processed from April 1, 2023 to March 31, 2024. Over the year, the share of dubious, malicious or garbage HTTP traffic that was blocked or redirected to verification pages for filtering out bots (a JavaScript test or a captcha) increased from 6% to 6.8%. The peak values of such traffic reached 12% on certain days.
Of the traffic that was blocked or sent for additional verification, 53.9% was related to malicious activity, attack attempts and bot activity, 37.1% to DDoS attacks, and 7.2% to requests from IP addresses that have a poor reputation and appear on blacklists.
Although DDoS attacks that cause service disruptions remain the most popular type of attack on Web applications, there is an increase in attacks aimed at exploiting vulnerabilities. Administrators are advised not to delay installing updates that eliminate critical vulnerabilities, as such attacks are becoming more prevalent. For example, attacks on vulnerabilities in products such as JetBrains TeamCity, Apache Struts, Apache Spark, Adobe ColdFusion, and MobileIron have been increasingly active.
31.2% of the total traffic is associated with bot activity, with only 7% of bot requests generated by well-known legitimate services such as search engines. The remaining 93% are classified as unknown bots potentially capable of malicious actions.
The report also notes an increase in traffic related to calls to Web APIs that return responses in JSON or XML format. The share of such requests has reached 60% of the total dynamically generated traffic. A third of API requests are related to so-called “shadow” APIs, which are not properly protected and may pose security risks.