theNet by CLOUDFLARE


Four Internet trends from 2024 to watch

Optimize your cyber security strategies now

The most effective cyber security and IT strategies are driven by data: Organizations that understand trends and how the greatest threats shift over time are better positioned to focus their resources and make a greater impact on their risk posture. So, where is the data guiding organizations for 2025?

According to the 2024 Year in Review — an annual report based on global Internet traffic, cyber attacks, and technology trends as observed through Cloudflare’s global network — organizations are facing some persistent security vulnerabilities. Addressing long-standing threats, fine-tuning strategies to combat evolving tactics, and preparing for disruption are critical to hardening defenses over the next 12 months.


1. Address known vulnerabilities

Many organizations are still facing serious, longstanding vulnerabilities — despite readily available fixes. The Log4j vulnerability, which is more than three years old, is a prime example.

Log4j is a popular, Java-based open-source software library used to log web application activity. A security vulnerability in Log4j was discovered in 2021. Attackers taking advantage of this vulnerability can conduct a remote code execution (RCE) attack, executing malicious code on an organization’s server. That malicious code could be used to gain remote access to a network, deploy malware, steal or destroy data, or carry out a denial-of-service attack.

Multiple technology companies sounded the alarm about the Log4j vulnerability in late 2021, soon after the vulnerability was discovered. The US Cybersecurity & Infrastructure Security Agency (CISA) quickly established guidance for addressing the problem. The US Federal Trade Commission also warned organizations to address the vulnerability, highlighting the possibility of breaches that could result in regulatory failures and fines. Meanwhile, in early 2022, the UK’s NHS reported that attackers were actively targeting Log4j vulnerabilities.

Despite early detection, high-profile warnings, and reported incidents, many organizations never addressed the vulnerability. Today attackers continue to exploit Log4j. The data from 2024 shows that harmful Log4j activity accounts for more than 20 times the activity of Atlassian Confluence Code Injection and as much as 100 times the aggregated activity seen for Authentication Bypass or Remote Code Injection vulnerabilities.

This 2024 data is another strong call to action: Organizations must address the Log4j vulnerability — and other longstanding vulnerabilities — now. With Log4j, they can mitigate the issue with available technologies and relatively simple steps.

Organizations should first determine whether they are using Log4j. Your team might need to inventory all places in your infrastructure where you are running software on the Java Virtual Machine (JVM) and then evaluate each Java application to see whether it contains Log4j.

If you are using Log4j, you should next ensure that your web application firewall (WAF) is adequately equipped to address the vulnerability. With the right WAF rules, you should be able to block any exploit attempts and configure the Logpush service to find and replace known exploit strings in logs.
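For the inventory step described above, one way to find Log4j inside Java archives, including copies bundled in fat JARs and WARs. This is an added example, not Cloudflare's tooling; the function names, the nesting limit of 4 and the sample archive with its placeholder version are assumptions made here.

```python
import io
import os
import zipfile

# Entries that identify log4j-core in an archive: Maven metadata and the JNDI lookup class.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")


def scan_archive(data, label, depth=0, max_depth=4):  # max_depth is an assumed limit
    """Return one finding per log4j-core copy in an archive, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # unreadable archive: skip it rather than abort the inventory
    findings = []
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            vers = [p.split("=", 1)[1].strip() for p in props.splitlines() if p.startswith("version=")]
            findings.append({"path": label, "version": vers[0] if vers else "unknown",
                             "jndi_lookup": JNDI_CLASS in names})
        for name in sorted(names):
            if depth < max_depth and name.lower().endswith(ARCHIVE_EXTS):
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return findings


def scan_tree(root):
    """Scan every Java archive under a directory, such as an application install path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in (f for f in files if f.lower().endswith(ARCHIVE_EXTS)):
            with open(os.path.join(dirpath, fname), "rb") as fh:
                findings += scan_archive(fh.read(), fh.name)
    return findings


def build_sample():
    """Constructed sample: a fat JAR bundling a log4j-core JAR with a placeholder version."""
    def pack(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()
    lib = pack({POM_PROPS: b"version=0.0.0-sample\n", JNDI_CLASS: b""})
    return pack({"BOOT-INF/lib/log4j-core.jar": lib, "app/Main.class": b""})
```

Each finding records where the copy sits (nested paths are joined with `!/`), the version read from its Maven metadata, and whether the JNDI lookup class is still present, which is what each Java application needs to be evaluated against the vendor guidance.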


2. Close the door on email spam and phishing

Email continues to be a wide-open front door into the enterprise. Attackers use deception as a frequent tactic: This year’s data shows that 43% of malicious emails contained a deceptive link.

Generative AI will make it even more difficult to discern legitimate emails from attempts at phishing. Attackers are using AI to write more convincing emails, possibly even using stolen personal data to tailor content for victims.

Meanwhile, users continue to be flooded with email spam from a few particular top-level domains (TLDs). More than 99% of the email messages processed from .bar, .rest, and .uno were found to be either spam or malicious.

How can your organization combat these email-based threats?

First, work to improve security awareness and frequently remind your employees: Don’t trust every email you receive, even if it seems to be from a manager or executive. According to this year’s data, 35% of malicious emails used identity deception as a tactic to reel in victims.

You should also block emails from those three TLDs: .bar, .rest, and .uno. Given the high percentage of malicious emails from those domains, it’s unlikely you will inadvertently block anything critical.


3. Distinguish bot threats from helpful traffic

The data from 2024 suggests that your bot management policies might require fine-tuning. Malicious bots can seriously damage websites, businesses, and users through credential stuffing, data scraping, inventory hoarding, and DDoS attacks. The challenge is that not all bot traffic is malicious.

As this year’s report shows, nearly 69% of global bot traffic comes from 10 countries — with the United States responsible for more than one-third of all such traffic. Much of that bot traffic comes from public cloud providers, such as AWS, Google, and Microsoft. These bots generally serve legitimate, non-malicious, and helpful functions, such as search engine indexing, website availability monitoring, and performance monitoring.

So, not all bots need to be blocked. Instead, your team needs ways to discern good from bad bots, stopping the bad ones without interrupting the work of legitimate ones.

The right bot management solutions are crucial for solving the puzzle. These solutions allow verified bots — such as ones from search engines — while presenting challenges for suspected bad bots. These solutions can also employ other means, such as rate limiting, detailed user logging, and malicious bot detection to mitigate the impact of bad bots. Importantly, the right bot management solutions will remain effective even if attackers use AI to create bots that simulate legitimate behavior.


4. Prepare for government-directed Internet shutdowns

Government-directed Internet shutdowns became more frequent in 2024: 116 were tracked globally, up from 100 the year prior.

These shutdowns are sometimes a response to civil unrest: A government might claim they are shutting down the Internet to prevent the spread of misinformation, but they are really attempting to stop people from using the Internet to organize. In some cases, governments (such as in Syria, Iraq, and Algeria) shut down the Internet temporarily during national exams in an effort to prevent cheating.

What can your organization do to prepare for possible shutdowns? Unfortunately, if a government decides to shut down citizen access to the Internet, there is little you can do to continue providing access to your site or web app from within that country. And there is no single technology solution that will enable you to completely avoid a potentially substantial disruption.

The best way to minimize the effects of these shutdowns may be to avoid operating directly within at-risk areas. If you are contemplating expanding your go-to-market area or your facility's footprint, carefully weigh the benefits and risks of each particular location. In some cases, it might make sense to focus on countries that are geographically close to target areas but that do not have a high risk of shutdowns.

If you do operate in an at-risk country, developing a business continuity strategy will be essential. You will need to plan for ways employees and partners can continue to communicate and be productive even without accessing the public Internet.


Optimize your cyber security strategy for 2025 and beyond

Organizations continue to face some significant vulnerabilities and threats, both to enterprise cyber security and the availability of websites. Fortunately, several of these issues — such as the Log4j vulnerability and the need for better bot management — can be successfully addressed by fine-tuning security strategies and taking advantage of available solutions. The data from 2024 should help organizations focus their efforts on the most pressing challenges.

Cloudflare’s connectivity cloud is a unified, intelligent platform of cloud-native services that enables organizations to address those key challenges — all while reducing IT complexity. Whether your organization needs to patch longstanding vulnerabilities, improve bot management, enhance email protection, or more fully transform security, networking, or app development, you can accomplish your goals through this single platform.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.


Dive deeper into this topic.

Discover how Cloudflare’s connectivity cloud can help you address cyber security challenges in the ebook The connectivity cloud: A way to take back IT and security control.


Author

David Belson — @dbelson
Head of Data Insight, Cloudflare



Key takeaways

After reading this article you will be able to understand:

  • Top four Internet trends from 2024

  • How these trends could impact your organization

  • Ways to optimize cyber security for 2025


