Adversaries love bots, short-lived IP addresses, out-of-band domains

Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base.

Industries ranked by the percentage of targeted attacks (Source: Fastly)

The Fastly Threat Insights Report is based on data collected April 11 to June 30, 2024 from Fastly’s Network Learning Exchange (NLX), as well as traffic signaled by Fastly Bot Management from April 1 to June 30, 2024.

Key findings

Adversaries performing mass scanning: 91% of attacks originating from NLX sources targeted multiple customers; 19% targeted over 100 different customers. This is a significant increase from Q2 2023 insights, where 69% of NLX sources targeted multiple customers.

Bots comprise more than one-third of Internet traffic: A significant amount of global internet traffic is attributed to requests generated by automation tools; approximately 36% of traffic originated from bots, while the remaining 64% came from human users

Increase in usage of out-of-band domains to actively exploit three WordPress Plugin CVEs (CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000). Seven out-of-band domains were used to inject malicious content, install backdoors, and track infected applications.

Short-lived IP addresses help attackers evade detection: 49% of IP addresses added to NLX were listed for just one day, with the average duration being 3.5 days. Attackers use IPs for a short period to avoid detection, highlighting the importance of adaptive security controls that can mitigate varied threats.

High tech remains top targeted industry, accounting for 37% of attacks, although slightly down from last year at 46%.Other top industries for 2024 include Media & Entertainment (21%) and Financial Services (17%).

“By performing mass scanning, attackers increase the likelihood of discovering vulnerable systems. The more targets scanned, the higher the probability of finding at least one exploitable weakness,” said Fastly Staff Security Researcher Simran Khalsa. “It’s not enough to respond to attacks. We must anticipate them, continuously adapt, and stay one step ahead.”