Network Effect Threat Report: Uncovering the power of collective threat intelligence

We’re excited to announce the availability of the Network Effect Threat Report, Fastly’s threat intelligence report that offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). The report looks at traffic originating from IP addresses tagged by Fastly's Network Learning Exchange (NLX), our collective threat intelligence feed that anonymously shares attack source IP addresses across all Next-Gen WAF customer networks.

NGWAF’s reach and infrastructure-agnostic deployment options uniquely position us to analyze global attack trends across a wide variety of industries and applications. We protect over 90,000 apps and APIs and inspect 4.1 trillion requests a month*, allowing Fastly to flag the IP addresses from which malicious requests are sent and add them to our collective threat intelligence feed – NLX. The combination of volume, reach, and accuracy powers NLX to preemptively protect our customers with high-confidence attack data. 

The report dives into a number of observations and attack trends, with recommended actions for our NGWAF customers. Before diving into the report, here are five key takeaways that we found most significant in our research: 

  • Multi-customer attacks: 69% of IPs tagged by NLX targeted multiple customers, and 64% targeted multiple industries.

  • Targeted Industries: The High Tech Industry was targeted the most, accounting for 46% of attack traffic tagged by NLX.

  • Trending Techniques: While SQL injection is a popular attack choice (28%), attackers are favoring Traversal techniques, which make up nearly one-third (32%) of attacks analyzed.

  • Out-of-Band (OOB) Callbacks: Callback server domains are prevalent throughout NLX data, particularly in Log4j JNDI lookups, OS command injection, and XSS attacks. 46% of requests were utilizing known out-of-band application security testing (OAST) domains (e.g. interact.sh).

  • Autonomous Systems (AS): Cloud Hosting providers are the primary sources of attack traffic. They are useful for conducting large-scale attacks, providing adversaries with cost-efficient computing resources and the ability to distribute their traffic, offering a layer of anonymity.

Over the past few years, Fastly’s Security Research Team have published blogs, CVE notices, new Next-Gen WAF (NGWAF) rules, open source tools, tutorials, and other research that helps inform our customers of the latest security developments. We’re continuing this momentum by publishing deeper, more comprehensive reports on attack trends we see come through the NGWAF.

We’re excited to share this report with you and see how our findings correlate to what you’ve seen on your own apps and APIs. To dive deeper into the attack observations and analysis, read the full report. If you have any questions or feedback for the Security Research team, find us on Fastly’s Twitter or LinkedIn.


* Trailing 6 month average as of June 30, 2023

Fastly Security Research Team
Fastly Security Research Team
Simran Khalsa
Staff Security Researcher
Arun Kumar
Senior Security Researcher
Matthew Mathur
Senior Security Researcher
Xavier Stevens
Staff Security Researcher
Published

2 min read

Want to continue the conversation?
Schedule time with an expert
Share this post
Fastly Security Research Team
Fastly Security Research Team

The Fastly Security Research Team focuses on ensuring our customers have the tools and data available to them to keep their systems secure. They analyze and ultimately help prevent attacks at Fastly scale. The team is a group of behind-the-scenes security experts who are here to help you stay on the cutting edge of the ever-evolving security landscape.

Simran Khalsa
Staff Security Researcher

Simran is a Staff Security Researcher at Fastly where he focuses on threat intelligence, vulnerability research, and product innovation. He enjoys researching novel attack techniques and fortifying technology to prevent real-world web attacks. He has spent his career on both the offensive and defensive sides of the industry in both public and private sectors with an emphasis on building modern security solutions.

Arun Kumar
Senior Security Researcher

Arun Kumar is a Senior Security Researcher at Fastly, with a focus on bot management & anti-fraud products.

Matthew Mathur
Senior Security Researcher

Matthew is a Senior Security Researcher at Fastly, focusing on vulnerability research, web application attacks, and developing protections. Matthew is an active contributor to several open source security tools including the Metasploit Framework and Nuclei, and is passionate about sharing research with the security community.

Xavier Stevens
Staff Security Researcher

Xavier Stevens is a Staff Security Researcher at Fastly, with a focus on threat research, detection engineering, and product innovation.

Ready to get started?

Get in touch or create an account.