Key Insights from Edgio’s Q2 2024 Attack Trends Report
As the digital landscape continues to evolve, so do the threats that businesses face. Edgio’s Q2 2024 Attack Trends Report provides a comprehensive analysis of the latest cybersecurity challenges and trends, offering valuable insights for organizations striving to protect their digital assets. This report draws on data from Edgio’s Web Application Firewall (WAF), Bot Management, and Rate Limiting solutions, running on top of a global network that powers over 4% of the global internet.
Blocking AI Bot Scrapers: A Rising Trend
One of the most striking trends observed in Q2 2024 is the dramatic increase in businesses choosing to block AI bot scrapers. The report reveals a staggering 2,847% rise in blocks against AI bots since Q1. This surge underscores the growing concern among businesses about the unauthorized use of their data by AI companies. While some organizations may benefit from the increased visibility that AI-driven search results provide, others are wary of their data being used without consent. To address this, Edgio recommends several measures:
- Update robots.txt files to manage which parts of your site are accessible to web crawlers. OpenAI, Anthropic, and others share their user agent info, as well as other tips to limit their scrapers, while maintaining AI discoverability.
- Implement crawl delay (in robots.txt) to limit the number of times a respectable AI user agent can request data from your site, measured in seconds.
Additional considerations are given in the report. Read it to understand how you can protect your business’ data while balancing the benefits of AI-driven traffic.
DDoS Spidering
DDoS Spidering represents a sophisticated evolution of traditional DDoS attacks. Unlike conventional DDoS attacks that focus on overwhelming a single target, DDoS Spidering involves systematically probing and attacking multiple endpoints within a web application. This methodical approach maximizes disruption and complicates mitigation efforts, as defenders must constantly adapt to new attack vectors.
In the report Edgio offers a high-level framework for addressing DDoS Spidering as well as CDN best practices that can help mitigate these attacks. Those include:
- Edge Caching for Dynamic Content: Enhance CDN dynamic caching to offload as much traffic as possible from your origin servers. For content that cannot be cached, consider using edge computing capabilities closer to the user.
- Origin Shielding: Use an origin shield or similar features to reduce the load on origin servers by serving cached content through multiple edge locations, especially during an attack.
- Configure Cache-Control Headers: An origin server may send a cache-busting directive of “cache-control:no-cache, no-store” to prevent caching on proxies or end-clients. These directives can be overridden on the CDN edge to facilitate proper TTLs for cached response.
- Short TTL (Time-to-Live) for Error Responses: Also, referred to as “negative caching,” focus on caching specific error codes like 404, 403, and 500. Serving these responses from cache on repeated requests reduces backend processing. Also, set a short caching TTL (e.g., 1-5 minutes) to allow for quick adjustments to traffic patterns or attack responses, ensuring that malicious traffic doesn’t overwhelm the site for extended periods. Avoid caching 401 (Unauthorized) or 429 (Too Many Requests), as these are often used in legitimate scenarios where immediate retries are expected.
- Enable Rate Limiting: Use rate limiting to control the rate of requests from any source, particularly on APIs, login pages, and other endpoints that might be targeted by brute force attacks or other forms of abusive traffic.
Human-Led vs. Machine-Led Interactions
The Q2 2024 report also delves into the differences between human-led and machine-led interactions with web applications, and how you can best prepare your site to scale, based on the interaction types you expect. While human-led interactions typically involve direct user engagement through interfaces like web browsers, machine-led interactions involve automated processes communicating over APIs. Each type of interaction presents unique operational and security challenges. Neglecting these differences can result in vulnerabilities that compromise both performance and security. In the report, Edgio provides a high-level framework for designing applications with flexibility and scalability, tailored to the specific interaction types.
Top 5 Weaknesses That Land You in the News
The report identifies the top critical vulnerabilities and exposures (CVE) that have made headlines in Q2 2024, as well as final year projection totals for CVEs logged in 2024. One model used by Edgio’s Threat Intelligence team predicts 40,800 CVEs by year end, a 40% increase from 2023.
Particular emphasis is placed on the importance of addressing the weaknesses underlying popular CVEs to avoid becoming the next new headliner. The most prominent challenges include improper input validation and memory management. To mitigate these risks, Edgio suggests:
- Implementing strict input validation to ensure all input is of the expected type, format, and range.
- Using smart pointers or other memory management techniques to prevent use-after-free errors.
- Avoiding the construction of OS commands with user input and using secure APIs or libraries instead.
These practical recommendations can help development teams reduce the likelihood of introducing common weaknesses into their code, thereby enhancing overall security.
Conclusion
Edgio’s Q2 2024 Attack Trends Report provides a wealth of insights into the current cybersecurity landscape. From the rise in blocking AI bot scrapers to the sophisticated tactics of DDoS Spidering, the report highlights the need for businesses to stay vigilant and proactive in their security efforts. By understanding these trends and implementing the recommended measures, organizations can better protect their digital assets and maintain a secure and resilient online presence. Stay ahead of the curve with Edgio’s expert insights and ensure your business is prepared for the challenges of tomorrow.