A new report out today from edge cloud platform provider Fastly Inc. has found that 91% of all cyberattacks now target multiple organizations using mass scanning to uncover and exploit vulnerabilities, up from 69% in 2023.

Based on data collected between April 11 and June 30 from Fastly’s Network Learning Exchange, Out-of-Band Domains and Fastly Bot Management, the report also found that along with 91% of attacks targeting multiple customers, 19% also targeted more than 100 different customers.

Of the IP addresses being used, 49% appeared for only one day, with the average being 3.5 days. Attacks were found to use internet protocol addresses for a short period to avoid detection, highlighting the importance of adaptive security controls.

By target, technology companies were found to account for the most targeted, with 37% of all attacks targeted at the sector, though down from 46% in 2023. Media and entertainment was in second place, attracting 21% of all attacks, followed by financial services at 17%.

Bots comprised more than one-third of internet traffic, coming in at 36% of all traffic observed, with the remaining 64% coming from human users. Though bot traffic can be attributed mostly to requests generated by automation tools, a significant portion of the bot traffic was found to be malicious or undesirable in nature, including account takeover attacks, ad fraud, carding and other nefarious users.

Some of the “unwanted” bots detailed in the report were also found to impersonate well-known benign bots to evade simple detection and carry out their intended activity, what Fastly calls “imposter bots.” Of the bots monitored, 75% of the bot traffic was classified as unwanted, whereas the remaining 25% consisted of verified wanted bots.

The report also covers out-of-band domain tooling, domains used by attackers outside the normal traffic flow to manage or exploit vulnerabilities. These domains are often used for activities like injecting malicious content, installing backdoors, or tracking compromised systems without detection.

The largest portion of out-of-band domains, 53%, were found to be self-hosted callback servers using open-source projects, such as Project Discovery’s interacts and Matthew Bryant’s XSS Hunter Express. “As a best practice, we recommend you monitor and track the usage of out-of-band domains to help identify compromised systems, detect ongoing attacks, and uncover attacker methodology,” the report notes.

Image: SiliconANGLE/Ideogram