Network Effect Threat Report: Uncovering the power of collective threat intelligence

We’re excited to announce the availability of the Network Effect Threat Report, Fastly’s threat intelligence report that offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). The report looks at traffic originating from IP addresses tagged by Fastly's Network Learning Exchange (NLX), our collective threat intelligence feed that anonymously shares attack source IP addresses across all Next-Gen WAF customer networks.

NGWAF’s reach and infrastructure-agnostic deployment options uniquely position us to analyze global attack trends across a wide variety of industries and applications. We protect over 90,000 apps and APIs and inspect 4.1 trillion requests a month*, allowing Fastly to flag the IP addresses from which malicious requests are sent and add them to our collective threat intelligence feed – NLX. The combination of volume, reach, and accuracy powers NLX to preemptively protect our customers with high-confidence attack data. 

The report covers a number of observations and attack trends, with recommended actions for our NGWAF customers. Before diving in, here are the five key takeaways that we found most significant in our research:

  • Multi-customer attacks: 69% of IPs tagged by NLX targeted multiple customers, and 64% targeted multiple industries.

  • Targeted Industries: The High Tech Industry was targeted the most, accounting for 46% of attack traffic tagged by NLX.

  • Trending Techniques: While SQL injection is a popular attack choice (28%), attackers are favoring Traversal techniques, which make up nearly one-third (32%) of attacks analyzed.

  • Out-of-Band (OOB) Callbacks: Callback server domains are prevalent throughout NLX data, particularly in Log4j JNDI lookups, OS command injection, and XSS attacks. 46% of requests were utilizing known out-of-band application security testing (OAST) domains (e.g. interact.sh).

  • Autonomous Systems (AS): Cloud hosting providers are the primary sources of attack traffic. They are useful for conducting large-scale attacks because they give adversaries cost-efficient computing resources and the ability to distribute their traffic, which offers a layer of anonymity.

Over the past few years, Fastly’s Security Research Team has published blogs, CVE notices, new Next-Gen WAF (NGWAF) rules, open source tools, tutorials, and other research that helps inform our customers of the latest security developments. We’re continuing this momentum by publishing deeper, more comprehensive reports on the attack trends we see come through the NGWAF.

We’re excited to share this report with you and see how our findings correlate to what you’ve seen on your own apps and APIs. To dive deeper into the attack observations and analysis, read the full report. If you have any questions or feedback for the Security Research team, find us on Fastly’s Twitter or LinkedIn.


* Trailing 6-month average as of June 30, 2023


The Fastly Security Research Team focuses on ensuring our customers have the tools and data available to them to keep their systems secure. They analyze and ultimately help prevent attacks at Fastly scale. The team is a group of behind-the-scenes security experts who are here to help you stay on the cutting edge of the ever-evolving security landscape.


Meet the team:



  • Simran Khalsa, Staff Security Researcher

  • Arun Kumar, Senior Security Researcher

  • Kelly Shortridge, Senior Principal, Product Technology

  • Xavier Stevens, Staff Security Researcher

  • Matthew Mathur, Senior Security Researcher
