Business Wire

AZ-EDGIO

22.2.2024 14:01:35 CET | Business Wire | Press release

Share
Web Application Attacks Intensify in Fourth Quarter of 2023, According to New Edgio Quarterly Attack Trends Report

Edgio (NASDAQ: EGIO), the platform of choice for speed, security, and simplicity at the edge, found that web application attacks continued to increase and evolve in the fourth quarter of 2023, as reported in its new Edgio Quarterly Attack Trends Report in which the company analyzed 5.2 billion attack requests. Edgio found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server, and has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.

Edgio’s report explains how path traversal attacks can lead to deep system intrusions posing a significant threat to an organization’s infrastructure and the confidentiality, integrity, and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.

“As one of the leading edge-computing providers, Edgio has unparalleled visibility into the threats facing web applications today,” said Tom Gorup, Vice President of Security for Edgio. “We are assembling our knowledge and expertise into a quarterly read-out to enable enterprises to better protect their web infrastructure and applications. As more businesses become dependent on their digital assets, it’s critical this knowledge is shared to build a safer Internet.”

The report looked at malicious requests and the different types of blocking, categorizing protection into three categories: access control rules, managed rulesets, and custom signatures. Of those that were focused on access controls, over 76% of mitigated requests were based on IP, user-agent, and country matches, highlighting just how much bad traffic can be eliminated with basic blocklisting tactics. With managed rulesets, Edgio saw a wide range of threat types blocked, with path traversal, SQL injection and cross-site scripting (XSS) attacks leading the way when it comes to OWASP attacks.

In addition, Edgio was able to review web application firewall (WAF) request denials by country of origin, while noting that attackers often leverage local resources to launch attacks in order to evade geofencing tactics. This could explain why attacks coordinated from advanced threat actors in more prominent countries did not crack Edgio’s Top 10 for the quarter.

Top countries by malicious request origin, making up nearly 62% of all requests denied, include:

  • United States – 26.3%
  • France – 17.4%
  • Germany – 9.4%
  • Russia – 8.8%

Edgio found that WAF customers used access control features to allow or deny specific request methods, using their knowledge of their own applications to inform their security controls and lower risk. The report indicates that attackers frequently leverage request methods like HEAD that return app and infrastructure information that can be used by the attacker for reconnaissance purposes and to craft a malicious payload.

Based on deep parsing of attack payloads, Edgio found that 98% of all malicious payloads fell into JavaScript Object Notation (JSON) and URL encoded form categories (used for storing and transporting data) but cautioned security teams to remain vigilant as attackers evolve in their selection of payload content types.

Best practices for digital asset protection: proactively stop threats against websites and applications

Based on its findings, Edgio recommends the following methods to best protect digital assets, including websites and applications:

  • Ensure your WAF provides a layered defense to protect organizations against the known bad, application-specific, and emerging threats. A complete solution will show a distribution of enforcement across access control rules, managed rulesets, and custom signatures.
  • Blocklists are still an effective and low-cost part of a layered security approach to safeguard Internet-facing assets. Organizations should also take advantage of threat intelligence feeds to further harden their security posture against known bad actors.
  • While managed rules are often maintained and updated by your WAF provider, it is not advisable to use a ‘set it and forget’ approach. As an application evolves and new functionalities are developed, policy reviews and analysis of managed ruleset enforcement is recommended. It is best to ensure rules are closely aligned with business application needs.
  • Organizations should take the time to understand where they are doing business and where they aren’t allowed to do business. Block the countries or sub-regions that bring no value to a brand to reduce their attack surface. Blocking embargoed countries is a great starting point, but don’t rely on this approach as a catch all for bad actors.
  • Know the application and use this knowledge to inform security solutions, like a WAF, to limit the application request methods or content types based on application needs.

To obtain a full copy of the report, click here.

About Edgio

Edgio (NASDAQCM: EGIO) helps companies deliver online experiences and content faster, safer and with more control. Our developer-friendly, globally scaled edge network, combined with our fully integrated application and media solutions, provides a single platform for delivering high-performing, secure web properties and streaming content. Companies can deliver content quicker and more securely through this fully integrated platform and end-to-end edge services, boosting overall revenue and business value. To learn more, visit edg.io and follow us on Twitter, LinkedIn and Facebook.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240222674952/en/

About Business Wire

Business Wire
Business Wire
101 California Street, 20th Floor
CA 94111 San Francisco

http://businesswire.com
DK

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Incyte Data to Be Highlighted in Four Rapid Oral Presentations at the European Society for Medical Oncology (ESMO) Congress 2026 Support Efforts to Improve Outcomes in Difficult-to-Treat Cancers17.7.2026 19:10:00 CEST | Press release

Rapid oral presentations will highlight new Phase 1 data across Incyte’s solid tumor portfolioBoth INCB161734, an investigational, potent, selective and orally bioavailable KRAS G12D inhibitor, and INCA338901, a TGFβR2×PD-1 bispecific antibody, are being evaluated in ongoing Phase 3 programs as first-line treatments for patients with advanced pancreatic ductal adenocarcinoma (PDAC) and microsatellite stable (MSS) colorectal cancer, respectively Incyte (Nasdaq:INCY) today announced that it will highlight data from several programs in its oncology portfolio in six presentations at the European Society of Medical Oncology (ESMO) Congress 2026, being held October 23 - 27, 2026, in Madrid. “The data at ESMO will further illustrate Incyte’s commitment to advancing innovation for patients with cancer,” said Pablo J. Cagnoni, M.D., President, Incyte and Global Head of Research and Development. "Among the presentations are important updates from our KRAS G12D inhibitor in advanced pancreatic ca

STL Expands Its Optical Connectivity Portfolio in the US with the CONCAT Solution17.7.2026 14:24:00 CEST | Press release

STL Optical Connectivity NA, LLC, (STLOC), a U.S. subsidiary of STL (Sterlite Technologies Ltd.) [NSE: STLTECH], a leading connectivity solutions provider for AI-ready digital infrastructure, today announced that it launched its new advanced FTTH solution, CONCAT, after successfully completing field trials on the networks of one of the largest telecom service providers in the United States. Following successful field validation, CONCAT is now available to digital infrastructure providers seeking faster fiber rollouts with reduced deployment complexity and labor. It enables up to 71% in labor cost savings by eliminating most field splicing through factory-assembled, pre-connectorized fiber segments that deliver plug-and-play installation. CONCAT simplifies fiber deployment by shifting critical fiber preparation and termination into a controlled manufacturing environment ensuring consistent quality, faster installation, and lower operational risk in the field. CONCAT solution is ideal fo

Aqemia and Sanofi Expand Their Research Collaboration17.7.2026 12:30:00 CEST | Press release

A new target nomination and a milestone payment mark the next step of the multi-year partnership first announced in December 2023 Aqemia, the drug invention company combining generative AI and quantum-inspired physics to invent small molecule drugs, today announced the expansion of its multi-year research collaboration with the global pharmaceutical company, Sanofi. The expansion is marked by the nomination of a new therapeutic target and an additional payment. The collaboration, first announced in December 2023, makes Aqemia eligible to receive up to a total of $140 million in upfront and milestone payments across programs. It spans the drug discovery journey from the identification of the very first hits to the selection of a development candidate. Aqemia leverages Qemi, its proprietary physics-based generative AI platform, to design novel molecules addressing Sanofi’s targets of choice, working in close collaboration with Sanofi scientific teams. Sanofi leads wet lab research, devel

China's ~$900B Live-Commerce Market Now Approaches US E-Commerce Scale17.7.2026 12:30:00 CEST | Press release

The consumer habits reshaping global retail were built in the East — and most Western shoppers haven't yet adopted them. NIQ report shows that brands still treating live, social, and quick commerce as "emerging" risk being left behind. The center of gravity in global retail has shifted East. The formats now driving the fastest growth in global retail (live shopping, social commerce, and delivery in minutes) were pioneered and scaled in Asia, and most Western consumers have yet to adopt them. According to NIQ (NYSE: NIQ), a leading consumer intelligence company, in its global report The Commerce Revolution: Where East Meets West, the gap between East and West is still vast. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260717253489/en/ China´s USD 900bn live shopping boom now approaches the scale of the US E-commerce The scale is already substantial. China's live-commerce market alone was worth roughly $900 billion in 2025,

Ant International’s Alipay+ Connects Argentina's National QR Payment Scheme via PVS,Enabling for Cross-Border Digital Payment Nationwide at Millions of Merchants17.7.2026 12:17:00 CEST | Press release

Alipay+, a global digital payment gateway under Ant International, today announced that it will enable global travellers to make QR code payments at millions of merchants across Argentina through integration with the country's national QR payment scheme Transferencias 3.0, in partnership with PVS, a fintech company specialized in developing customized payment solutions in Latin America. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260717276406/en/ By connecting to Argentina's national QR payment scheme, Alipay+ now enables global travellers in the country to make convenient QR code payments at merchants nationwide. This service helps to enhance global travellers' travel experiences in Argentina, allowing them to pay seamlessly at restaurants, malls and tourist attractions. Using an Alipay+ partner payment app, they can now scan the national QR code displayed at all merchants to make cross-border payments across Argentina,

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye