AZ-EDGIO
Edgio (NASDAQ: EGIO), the platform of choice for speed, security, and simplicity at the edge, found that web application attacks continued to increase and evolve in the fourth quarter of 2023, as reported in its new Edgio Quarterly Attack Trends Report in which the company analyzed 5.2 billion attack requests. Edgio found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server, and has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.
Edgio’s report explains how path traversal attacks can lead to deep system intrusions posing a significant threat to an organization’s infrastructure and the confidentiality, integrity, and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.
“As one of the leading edge-computing providers, Edgio has unparalleled visibility into the threats facing web applications today,” said Tom Gorup, Vice President of Security for Edgio. “We are assembling our knowledge and expertise into a quarterly read-out to enable enterprises to better protect their web infrastructure and applications. As more businesses become dependent on their digital assets, it’s critical this knowledge is shared to build a safer Internet.”
The report looked at malicious requests and the different types of blocking, categorizing protection into three categories: access control rules, managed rulesets, and custom signatures. Of those that were focused on access controls, over 76% of mitigated requests were based on IP, user-agent, and country matches, highlighting just how much bad traffic can be eliminated with basic blocklisting tactics. With managed rulesets, Edgio saw a wide range of threat types blocked, with path traversal, SQL injection and cross-site scripting (XSS) attacks leading the way when it comes to OWASP attacks.
In addition, Edgio was able to review web application firewall (WAF) request denials by country of origin, while noting that attackers often leverage local resources to launch attacks in order to evade geofencing tactics. This could explain why attacks coordinated from advanced threat actors in more prominent countries did not crack Edgio’s Top 10 for the quarter.
Top countries by malicious request origin, making up nearly 62% of all requests denied, include:
- United States – 26.3%
- France – 17.4%
- Germany – 9.4%
- Russia – 8.8%
Edgio found that WAF customers used access control features to allow or deny specific request methods, using their knowledge of their own applications to inform their security controls and lower risk. The report indicates that attackers frequently leverage request methods like HEAD that return app and infrastructure information that can be used by the attacker for reconnaissance purposes and to craft a malicious payload.
Based on deep parsing of attack payloads, Edgio found that 98% of all malicious payloads fell into JavaScript Object Notation (JSON) and URL encoded form categories (used for storing and transporting data) but cautioned security teams to remain vigilant as attackers evolve in their selection of payload content types.
Best practices for digital asset protection: proactively stop threats against websites and applications
Based on its findings, Edgio recommends the following methods to best protect digital assets, including websites and applications:
- Ensure your WAF provides a layered defense to protect organizations against the known bad, application-specific, and emerging threats. A complete solution will show a distribution of enforcement across access control rules, managed rulesets, and custom signatures.
- Blocklists are still an effective and low-cost part of a layered security approach to safeguard Internet-facing assets. Organizations should also take advantage of threat intelligence feeds to further harden their security posture against known bad actors.
- While managed rules are often maintained and updated by your WAF provider, it is not advisable to use a ‘set it and forget’ approach. As an application evolves and new functionalities are developed, policy reviews and analysis of managed ruleset enforcement is recommended. It is best to ensure rules are closely aligned with business application needs.
- Organizations should take the time to understand where they are doing business and where they aren’t allowed to do business. Block the countries or sub-regions that bring no value to a brand to reduce their attack surface. Blocking embargoed countries is a great starting point, but don’t rely on this approach as a catch all for bad actors.
- Know the application and use this knowledge to inform security solutions, like a WAF, to limit the application request methods or content types based on application needs.
To obtain a full copy of the report, click here.
About Edgio
Edgio (NASDAQCM: EGIO) helps companies deliver online experiences and content faster, safer and with more control. Our developer-friendly, globally scaled edge network, combined with our fully integrated application and media solutions, provides a single platform for delivering high-performing, secure web properties and streaming content. Companies can deliver content quicker and more securely through this fully integrated platform and end-to-end edge services, boosting overall revenue and business value. To learn more, visit edg.io and follow us on Twitter, LinkedIn and Facebook.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240222674952/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Guardant Health and Collaborators to Present New Data Across the Cancer Care Continuum at ESMO 202515.10.2025 22:57:00 CEST | Press release
15 abstracts spanning advancements in early detection of recurrence, tumor profiling, and therapy response monitoringPresentations highlight the power of Guardant Health’s blood-based assays to reduce treatment burden and improve disease monitoring across multiple cancer types Guardant Health, Inc. (Nasdaq: GH), a leading precision oncology company, today announced that new data from across its oncology portfolio will be presented in 15 accepted abstracts at the European Society for Medical Oncology (ESMO) Congress 2025, taking place October 17–21 in Berlin, Germany. These presentations span the cancer care treatment continuum, from minimal residual disease (MRD) detection and recurrence monitoring to advanced-stage tumor profiling and therapy response assessment. Guardant Health’s accepted abstracts span multiple tumor types, including lung, colorectal, breast, head and neck, and cancers of unknown primary. Together, they underscore the company’s commitment to harnessing cutting-edge
Greenland Resources Signs Mandate Agreement With European Bank15.10.2025 21:06:00 CEST | Press release
Greenland Resources A/S, a fully owned Greenlandic subsidiary of Greenland Resources Inc. (Cboe CA: MOLY | FSE: M0LY) (“Greenland Resources” or the “Company”) is pleased to announce the Company has signed a mandate letter with a major German Bank (the “Bank”) to act as the Export Credit Agency (“ECA”) Coordinator for the Project. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251015159644/en/ The ECA Coordinator role covers the relevant tasks up to debt financial close. The Bank has extensive experience in acting as the ECAs Coordinator in project financings worldwide, as well as being one of Europe’s most prestigious institutions. The Bank will now be in a position to start working with some of the ECA’s discussed in previous press releases (primarily EKN, Finnvera, and EIFO). The Company’s debt part of the Capex is around US$750 million. Mandating the Bank complements the Company’s strategy to increase EU and specifically
Interactive Brokers Launches Ask IBKR: AI Tool Delivers Instant Portfolio Answers15.10.2025 16:00:00 CEST | Press release
New Natural Language Interface Helps Clients Analyze Holdings, Performance, and Allocation in Seconds Interactive Brokers (Nasdaq: IBKR), an automated global electronic broker, today announced the launch of Ask IBKR, an AI-powered tool that delivers instant portfolio insights through natural language queries. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251015991473/en/ “With Ask IBKR, we’re introducing a natural language-based way for investors to interact with their portfolio data,” said Milan Galik, Chief Executive Officer at Interactive Brokers. “Instead of navigating across screens, clients can simply ask, ‘What sector am I underweight compared to the S&P 500?’ and get an instant, visualized answer.” Categories of queries include: Portfolio Metrics: Compare performance against benchmarks, identify valuation changes over time, and highlight periods of outperformance or underperformance Allocation Analysis: Analyze sect
Multiply Group Announces Plans to Acquire 2PointZero and Ghitha Holding via Share Swap15.10.2025 15:36:00 CEST | Press release
The proposed acquisition forms part of Multiply Group’s broader strategy to build scale, enhance portfolio synergies, and drive long-term value.2PointZero brings scalable assets across energy, mining and financial services, while Ghitha Holding contributes a diversified food and agriculture platform.The transaction remains subject to shareholder and regulatory approvals, with further details to be announced upon completion of the review process. Multiply Group (ADX: MULTIPLY), the Abu Dhabi-based investment holding company that invests in and operates businesses globally, today announced that its Board has approved a proposal to acquire 2PointZero and Ghitha Holding through a share swap transaction. Under the proposed terms, Multiply Group would offer shares to acquire 2PointZero and Ghitha Holding, followed by the issuance of new shares to complete the transaction. The transaction is currently under review and remains subject to shareholder and regulatory approvals. 2PointZero is a tr
Svante Hails Nobel Prize in Chemistry, Validating Metal-Organic Framework Technology is Critical for Commercial Carbon Capture15.10.2025 15:30:00 CEST | Press release
The Nobel Prize for Chemistry has awarded scientists for their work in metal-organic frameworks (MOFs), for their high capacity and selectivity for captured gases, including CO2. The CALF-20 MOF used in Svante’s filters for carbon capture and removal, was highlighted in the award announcement. Svante, a leader in solid sorbent-based carbon capture and removal filter technology, celebrated the announcement of the 2025 Nobel Prize in Chemistry last week, which honored scientists Susumu Kitagawa, Richard Robson and Omar Yaghi for their groundbreaking work in the metal-organic framework (MOF) field. The Royal Swedish Academy of Sciences awarded the prize for the development of MOFs, citing their "enormous potential" and unique molecular architecture that creates spacious, porous materials capable of capturing and storing specific substances, including carbon dioxide. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251015855374/
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom