Report: Attackers abuse "proof of concept" code within 22 minutes

In a report, Cloudflare highlights current trends in cyberattacks. According to the figures, the threat situation is intensifying.

Cubes with letters spell out "CYBERCRIME"; a finger is turning some letters around to make it "CYBERSECURITY".

(Image: Dmitry Demidovich/Shutterstock.com)

This article was originally published in German and has been automatically translated.

Cloudflare, a provider of internet security and DNS services, has analyzed global data traffic on the internet with a focus on attacks on computers and networks. The results show, for example, that the total volume of DDoS attacks has increased massively compared to previous years and that attackers are exploiting security vulnerabilities with increasing speed.

The researchers have summarized the key findings in an abridged version of the report for the first quarter of 2024. They analyze HTTP requests as the basis for their research. Cloudflare claims to process an average of 57 million requests per second. To analyze the data traffic, they divide it into different categories such as API and bot traffic.

Their research shows, among other things, that security measures (mitigation) such as firewall rules account for an average of seven percent of global data traffic. They state that they blocked an average of 209 billion cyber threats per day in the first quarter of 2024. This is an increase of almost 87% compared to the same period last year.

According to Cloudflare, the annual volume of DDoS attacks to paralyze servers and online services was 26 million requests per second in 2022. In 2023, they documented a record 201 million requests.

Zero-day vulnerabilities are software vulnerabilities that attackers exploit before security updates are available. The report lists 97 such vulnerabilities for 2023, an increase of 15 percent compared to 2022. These include vulnerabilities in Apache Struts (CVE-2023-50164), Adobe ColdFusion (CVE-2024-29298) and TeamCity (CVE-2024-27198).

In the case of the TeamCity vulnerability, the report indicates that attackers are increasingly abusing PoC code to exploit vulnerabilities. Security researchers develop proof-of-concept (PoC) code for legitimate purposes, for example to detect vulnerabilities. In this case, the first attacks are said to have started just 22 minutes after the PoC code became available.

(des)