1、The state of application security in 2023W H I T EPA PERContent032023 attack trends at a glance04Attacks that disrupt business05 0607 6%of HTTP requests are malicious DDoS accounts for 52%of all attacks HTTP anomalies are the most frequent attack vector09Attacks that compromise users10 Brute force a

2、ccount takeover attacks are increasing11 Microsoft Exchange Server is the second-largest target of brute force attacks12Conclusion13How Cloudflare can help14Glossary3Cloudflare|The state of application security in 20232023 attack trends at a glanceIts a line weve all heard before:cyber attacks are l

3、arger,more frequent,and more sophisticated than ever.And in 2023,the numbers continue to back up each of these points:Attacks are larger.In February,Cloudflare mitigated a 71 million request-per-second HTTP DDoS attack the largest-known attack of its kind to date,more than 54%higher than the previou

4、s reported record of 46 million RPS in June 2022.To put this into perspective,Google fields approximately 100,000 requests per second across all platforms worldwide,making the attack roughly 140 x Googles total traffic.Attacks are more frequent.Application-layer attacks have spiked by as much as 80%

5、in 2023.One reason behind this jump:attackers are leveraging existing Internet infrastructure to amplify their attacks,making them both easier and cheaper to carry out.Attacks are more sophisticated.As organizations continue to refine their security strategies,attackers evolve their tactics to get a

6、round even the most robust defenses.One way of doing that is via brute force attempts,which can aid attackers in gaining access to user accounts and sensitive data.From 2022 to 2023,Cloudflare observed matches for HTTP requests with leaked credentials at a rate of 12,000+per minute.In the report bel