Business Wire

AZ-EDGIO

22.2.2024 14:01:35 CET | Business Wire | Press release

Share
Web Application Attacks Intensify in Fourth Quarter of 2023, According to New Edgio Quarterly Attack Trends Report

Edgio (NASDAQ: EGIO), the platform of choice for speed, security, and simplicity at the edge, found that web application attacks continued to increase and evolve in the fourth quarter of 2023, as reported in its new Edgio Quarterly Attack Trends Report in which the company analyzed 5.2 billion attack requests. Edgio found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server, and has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.

Edgio’s report explains how path traversal attacks can lead to deep system intrusions posing a significant threat to an organization’s infrastructure and the confidentiality, integrity, and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.

“As one of the leading edge-computing providers, Edgio has unparalleled visibility into the threats facing web applications today,” said Tom Gorup, Vice President of Security for Edgio. “We are assembling our knowledge and expertise into a quarterly read-out to enable enterprises to better protect their web infrastructure and applications. As more businesses become dependent on their digital assets, it’s critical this knowledge is shared to build a safer Internet.”

The report looked at malicious requests and the different types of blocking, categorizing protection into three categories: access control rules, managed rulesets, and custom signatures. Of those that were focused on access controls, over 76% of mitigated requests were based on IP, user-agent, and country matches, highlighting just how much bad traffic can be eliminated with basic blocklisting tactics. With managed rulesets, Edgio saw a wide range of threat types blocked, with path traversal, SQL injection and cross-site scripting (XSS) attacks leading the way when it comes to OWASP attacks.

In addition, Edgio was able to review web application firewall (WAF) request denials by country of origin, while noting that attackers often leverage local resources to launch attacks in order to evade geofencing tactics. This could explain why attacks coordinated from advanced threat actors in more prominent countries did not crack Edgio’s Top 10 for the quarter.

Top countries by malicious request origin, making up nearly 62% of all requests denied, include:

  • United States – 26.3%
  • France – 17.4%
  • Germany – 9.4%
  • Russia – 8.8%

Edgio found that WAF customers used access control features to allow or deny specific request methods, using their knowledge of their own applications to inform their security controls and lower risk. The report indicates that attackers frequently leverage request methods like HEAD that return app and infrastructure information that can be used by the attacker for reconnaissance purposes and to craft a malicious payload.

Based on deep parsing of attack payloads, Edgio found that 98% of all malicious payloads fell into JavaScript Object Notation (JSON) and URL encoded form categories (used for storing and transporting data) but cautioned security teams to remain vigilant as attackers evolve in their selection of payload content types.

Best practices for digital asset protection: proactively stop threats against websites and applications

Based on its findings, Edgio recommends the following methods to best protect digital assets, including websites and applications:

  • Ensure your WAF provides a layered defense to protect organizations against the known bad, application-specific, and emerging threats. A complete solution will show a distribution of enforcement across access control rules, managed rulesets, and custom signatures.
  • Blocklists are still an effective and low-cost part of a layered security approach to safeguard Internet-facing assets. Organizations should also take advantage of threat intelligence feeds to further harden their security posture against known bad actors.
  • While managed rules are often maintained and updated by your WAF provider, it is not advisable to use a ‘set it and forget’ approach. As an application evolves and new functionalities are developed, policy reviews and analysis of managed ruleset enforcement is recommended. It is best to ensure rules are closely aligned with business application needs.
  • Organizations should take the time to understand where they are doing business and where they aren’t allowed to do business. Block the countries or sub-regions that bring no value to a brand to reduce their attack surface. Blocking embargoed countries is a great starting point, but don’t rely on this approach as a catch all for bad actors.
  • Know the application and use this knowledge to inform security solutions, like a WAF, to limit the application request methods or content types based on application needs.

To obtain a full copy of the report, click here.

About Edgio

Edgio (NASDAQCM: EGIO) helps companies deliver online experiences and content faster, safer and with more control. Our developer-friendly, globally scaled edge network, combined with our fully integrated application and media solutions, provides a single platform for delivering high-performing, secure web properties and streaming content. Companies can deliver content quicker and more securely through this fully integrated platform and end-to-end edge services, boosting overall revenue and business value. To learn more, visit edg.io and follow us on Twitter, LinkedIn and Facebook.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240222674952/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Vertex to Acquire Crinetics Pharmaceuticals6.7.2026 22:04:00 CEST | Press release

- Crinetics adds potential best-in-class commercialized and Phase 3 endocrinology assets with ~$5 billion peak sales opportunity to Vertex’s portfolio - - PALSONIFY®, Crinetics’ recently launched, first and only, once-daily oral therapy for adults with acromegaly has demonstrated strong and growing early uptake - - Atumelnant, a once-daily oral adrenocorticotropic hormone (ACTH) receptor antagonist in Phase 3 development for congenital adrenal hyperplasia (CAH), has shown unique and transformative potential to both normalize androgen levels and enable management of patients with physiologic levels of glucocorticoids, the true goal of CAH management; atumelnant has also demonstrated therapeutic potential in patients with Cushing’s syndrome - - Acquisition adds to Vertex’s innovation pipeline, accelerates Vertex’s revenue growth and enhances long-term earnings profile - - Vertex to host investor call today, July 6 at 4:30 p.m. ET - Vertex Pharmaceuticals Incorporated (Nasdaq: VRTX) and C

Ciauru Wins the Second Edition of the Reply AI Music Contest, the International Competition Dedicated to Experimentation Across AI, Music and Live Performance6.7.2026 20:30:00 CEST | Press release

The winner was announced on the Kappa FuturFestival stage, following the performances of the five finalists selected by the international jury.German duo PARAFRAME & Avis Vox received the special Reply AI Studios Grand Prix award. The second edition of the Reply AI Music Contest, the international competition created by Reply to explore new forms of expression combining artificial intelligence, music and live performance, concluded with the announcement of the winner on the Nova Stage powered by Reply during Kappa FuturFestival. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260706007611/en/ The second edition of the Reply AI Music Contest, the international competition created by Reply to explore new forms of expression combining artificial intelligence, music and live performance, concluded with the announcement of the winner on the Nova Stage powered by Reply during Kappa FuturFestival First place went to Ciauru, the stag

Rimini Street to Report Second Quarter 2026 Financial Results on July 30, 20266.7.2026 15:00:00 CEST | Press release

Rimini Street, Inc. (Nasdaq: RMNI), the Software Support and Agentic AI ERP Company™ and the leading third-party support provider for Oracle, SAP and VMware software, today announced it will report earnings after market close on July 30, 2026. The company will host a conference call and webcast on that date to discuss the second quarter 2026 results and the second half 2026 outlook at 5:00 p.m. Eastern / 2:00 p.m. Pacific time. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260706560476/en/ Rimini Street to Report Second Quarter 2026 Financial Results on July 30, 2026 A live webcast of the event will be available on Rimini Street’s Investor Relations site via the Rimini Street IR events link and directly via the webcast link. Dial-in participants can access the conference by dialing 1-800-836-8184. A replay of the webcast will be available for one year following the event. About Rimini Street, Inc. Rimini Street, Inc. (Nasda

Orion and Shilpa Medicare Expand Partnership to Develop and Supply Nivolumab Biosimilar for Europe6.7.2026 15:00:00 CEST | Press release

Shilpa Medicare Limited announced that its wholly owned subsidiary, Shilpa Biologicals Private Limited, has entered into a co-development and supply agreement with Orion Corporation for intravenous (IV) nivolumab biosimilar referencing one of the world’s most widely used cancer immunotherapies to widen patient access across Europe. Nivolumab helped usher in the era of immuno-oncology, transforming the outlook for patients with cancers such as melanoma and lung cancer. As the originator approaches loss of exclusivity in Europe, this partnership aims to put a high-quality, EU-GMP-manufactured nivolumab biosimilar within reach of more patients, reducing healthcare burden. In 2025, Nivolumab recorded sales of approximately USD4.1 billion (Source: IQVIA/IMS) Europe — underscoring the scale of the opportunity. Under the agreement, Orion will hold the exclusive rights to register, market, distribute and sell the nivolumab biosimilar across Europe. Shilpa Biologicals will lead product developm

No-Loss Trading Platform UpsideOnly Surpasses 100,000 Users Within Weeks of Launch6.7.2026 14:48:00 CEST | Press release

Rapid growth shows strong demand for a new trading model where users can make market predictions without risking their own capital Perpetuals.com Ltd (Nasdaq: PDC), today announced that UpsideOnly, its risk-free trading and market prediction platform, has seen a surge in new user sign-ups, surpassing the important milestone of 100,000 traders within weeks of its launch on May 19. UpsideOnly lets users make predictions about where global equity, commodity, forex, and crypto markets are heading without ever placing a real trade themselves. Perpetuals uses its own capital to trade on the strongest signals identified by its proprietary AI. If those trades win, Perpetuals shares the profits with the users who helped generate the signal. If the trade doesn’t make money, users lose nothing. Reaching 100,000 users so quickly after launching is a reflection of the enormous demand for a platform that flips the traditional retail trading model on its head, with early platform data showing strong

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye