Home / Companies / Cloudflare / Blog / July 2021

July 2021 Summaries

40 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Employee resource groups (ERGs) play a crucial role in fostering community, driving organizational change, and improving the overall quality of an organization's culture. They help organizations become more diverse, equitable, and inclusive. Cloudflare has established 16 ERGs since 2017, focusing on various underrepresented communities and initiatives. These groups create a sense of belonging and community among their members and allies through regular connection opportunities and global education and celebration events. They also influence the overall organization by attracting more allies, educating employees on systemic barriers to DEI, and making the workplace more inclusive for everyone.
Jul 30, 2021 1,350 words in the original blog post.
Cloudflare is offering one year of its Startup Enterprise plan for free to early-stage startups participating in selected accelerator programs. The plan includes advanced features such as CDN, DNS, WAF, custom SSL certificates, and 50 page rules. Additionally, participants will have access to special products like Cloudflare Workers, Cloudflare for Teams, and Cloudflare Stream. To be eligible, startups must be enrolled in a participating accelerator program or be recent graduates of such programs.
Jul 30, 2021 422 words in the original blog post.
Cloudflare has experienced increased productivity and job satisfaction since transitioning to remote work during the pandemic. The company observed greater participation in meetings from underrepresented groups, leading to a more diverse team. However, they also acknowledge challenges with remote work, such as reduced human interaction and difficulties for early-career professionals. Cloudflare plans to experiment with flexible workspaces, encourage in-person collaboration through "on-site off-sites," and support local businesses near their offices. They believe that the future of work will be more inclusive, productive, and adaptable.
Jul 30, 2021 2,137 words in the original blog post.
Cloudflare, a company with approximately 25 million internet properties under its network, emphasizes the importance of diversity, equity, and inclusion in achieving its goal to help build a better internet. The company has over 16 Employee Resource Groups (ERGs) that focus on various aspects such as traditionally under-represented groups in tech, historically marginalized communities, and interest/affinity groups. These ERGs not only provide support and belonging but also contribute to enhancing career development and fostering a more inclusive culture at Cloudflare. The company invests in training and programs to develop skills necessary for nurturing and preserving inclusive communities. This includes workshops like Ally Skills, Unconscious Bias Education Program, and partnership with tEQuitable. Additionally, the company holds itself accountable by setting goals, analyzing data, and measuring progress objectively. In terms of hiring, Cloudflare emphasizes an inclusive and expansive mindset, leveraging technology and tools to identify great talent that increases the diversity of its teams. The company also engages with external communities through hosting events for organizations like Wu Yee Children's Services and Women Who Code SF. Furthermore, it gives back to local communities through volunteering efforts and supports vulnerable websites, applications, and services through initiatives such as Project Galileo, Athenian Project, and Project Fair Shot. By being principled, curious, and transparent, Cloudflare publishes its diversity data to demonstrate accountability and responsibility in building a diverse and sustainable workforce.
Jul 30, 2021 2,268 words in the original blog post.
Greencloud, Cloudflare's sustainability-focused employee working group, was publicly introduced during the company's Impact Week. Founded in 2019, Greencloud is a cross-functional team with a focus on raising awareness about environmental activism, supporting multidisciplinary projects within Cloudflare, and advocating for more sustainable practices at both individual and organizational levels. Since its launch, the group has created content to educate employees and external audiences about various sustainability topics, organized events such as trivia nights, and celebrated Earth Day with a series of educational events. Greencloud's vision is to contribute on every level to addressing the climate crisis and creating a more sustainable future for Cloudflare and its employees.
Jul 30, 2021 824 words in the original blog post.
Cloudflare has joined Pledge 1%, a global movement of companies committed to giving back to their communities. As part of its pledge, Cloudflare will donate 1% of its products and services, as well as 1% of its employees' time. The company is already involved in several initiatives such as Project Galileo, which provides free security services to public interest organizations; the Athenian Project, offering state and local governments free high-level security and reliability services; and the newly launched Project Pangea, aimed at helping underserved populations connect to the internet for free. Additionally, Cloudflare is now offering all employees three days of annual leave to volunteer in their communities. The company believes that these efforts will not only benefit its local communities but also help build a better internet.
Jul 30, 2021 863 words in the original blog post.
Cloudflare recognizes privacy in personal data as a fundamental human right and has taken steps to demonstrate its commitment to privacy, including certifying to international standards. The company's multi-faceted privacy program incorporates critical privacy principles such as transparency about their privacy practices, practicing privacy by design when building products and services, using the minimum amount of personal data necessary for their services to work, and only processing personal data for specified purposes. Cloudflare became one of the first organizations in its industry to certify to a new international privacy standard for protecting and managing the processing of personal data - ISO/IEC 27701:2019. The company also maintains high-level security measures, such as obtaining ISO 27001:2013, SOC 2 Type II, PCI DSS 3.2.1, and BSI Qualification certifications. Additionally, Cloudflare has developed privacy-enhancing technologies like the 1.1.1.1 public DNS resolver and Web Analytics to help users maintain their privacy while using the internet.
Jul 29, 2021 1,579 words in the original blog post.
Over the past few years, there has been a rise in online threats targeting democratically-held elections worldwide. These threats range from attempts to restrict information availability to full disruptions of the voting process. In response, Cloudflare launched the Athenian Project in 2017 to provide free Enterprise level services to state and local election websites in the United States. Due to increasing cyberattacks targeting election infrastructure globally, there has been a growing demand for extending these cybersecurity protections to election entities worldwide. To address this need, Cloudflare collaborated with The International Foundation for Electoral Systems (IFES), National Democratic Institute (NDI), the International Republican Institute (IRI) and the Design 4 Democracy Coalition (D4D). Through these partnerships, Cloudflare provides free Enterprise Cloudflare services to election management bodies and groups working on election reporting. The collaboration also involves training and direct assistance to help these entities stay online in the face of large-scale cyberattacks. In addition, Cloudflare extended its support to provide a suite of products to eligible state parties in the United States through its partnership with Defending Digital Campaigns (DDC). This initiative aims to better secure these entities from cyber attacks and protect democracy in the digital age.
Jul 29, 2021 2,194 words in the original blog post.
The article discusses the increasing use of internet shutdowns and cyberattacks that restrict access to information in various communities worldwide. In 2020, Access Now's #KeepItOn coalition documented at least 155 internet shutdowns in 29 countries. These disruptions affect millions of people globally, impacting their ability to express themselves, earn a livelihood, gather and disseminate information, and participate in public life. The UN Human Rights Council (UNHRC) emphasizes the importance of the internet as a means for individuals to exercise their rights to freedom of opinion and expression, and its role in facilitating other human rights such as economic, social, cultural, civil, and political rights. Internet disruptions are particularly significant during elections, as they disrupt the dissemination and sharing of information about electoral contests and undermine the democratic process. To combat this issue, Cloudflare has introduced new programs to help civil society partners track and document internet shutdowns and protect democratic elections worldwide from cyberattacks. One such program is Radar Alerts, which provides real-time notifications of significant drops in internet traffic, typically associated with an internet shutdown. This system was initially developed for internal use at Cloudflare but has been adapted to benefit civil society groups that track and report these shutdowns. The article highlights collaborations with various organizations such as Access Now, The Carter Center, the International Foundation for Electoral Systems, Internet Society, Internews, and The National Democratic Institute in using Radar Alerts to document, track, and hold institutions accountable for human rights violations related to internet shutdowns.
Jul 29, 2021 932 words in the original blog post.
Cloudflare's Project Galileo, launched in 2014, provides free security products to over 1,500 targeted groups worldwide, including human rights defenders, independent media, journalists, and democracy-strengthening organizations. In the past year alone, there have been more than seven billion cyberattacks against Project Galileo journalism and media sites. To improve online safety for these vulnerable groups, Cloudflare has partnered with the Global Cyber Alliance (GCA), an international nonprofit dedicated to addressing systemic cyber risks. Together, they offer a free Cybersecurity Toolkit for Journalists, which includes DNS Security with WARP, end-to-end encryption with Cloudflare SSL, and Cloudflare for Teams products Access & Gateway. These tools help protect journalists' sensitive information and sources from cyberattacks while enabling them to report news safely online.
Jul 29, 2021 654 words in the original blog post.
On July 29, 2021, Alissa Starzak announced the release of Cloudflare's first human rights policy, which sets out its commitments and implementation methods to ensure respect for human rights throughout its business functions. The company has been working on this policy since announcing its commitment to the UN Guiding Principles on Business and Human Rights and partnership with Global Network Initiative (GNI) in 2020. The policy is based on the United Nations Guiding Principles on Business and Human Rights, which provide businesses with guidance on respecting human rights. Cloudflare's mission to help build a better internet aligns with its core values of being principled, curious, and transparent. The company has taken steps to make the internet more private, secure, and accessible for all through various initiatives such as Project Galileo, Athenian Project, and Cloudflare for Campaigns. As part of its human rights policy, Cloudflare will conduct human rights due diligence, identify potential harms, reduce risks, and remediate any existing harms. The company plans to continue refining this policy over time and seek input on how to improve it.
Jul 29, 2021 1,201 words in the original blog post.
In February 2021, Cloudflare launched Project Fair Shot, offering its Waiting Room product for free to organizations responsible for scheduling COVID-19 vaccinations. The technology ensured that vaccine scheduling applications remained available and reliable during high traffic periods, provided accurate wait times, and promoted equitable distribution of vaccines. Since the launch, Cloudflare has helped over 100 customers across more than 10 countries schedule approximately 100 million vaccinations. The company plans to extend Project Fair Shot until at least July 1, 2022, due to ongoing pandemic challenges and the need for booster shots.
Jul 29, 2021 475 words in the original blog post.
Cloudflare has introduced Smart Edge Revalidation, a feature designed to ensure efficient synchronization of compute resources between its edge and a browser. The new feature aims to reduce unnecessary origin calls by ensuring that HTTP response headers required for revalidation are present even when an origin doesn't send them. This results in less wasted bandwidth and compute for objects that do not need to be redownloaded, as well as faster browser page loads for users. Smart Edge Revalidation is set to be enabled automatically for all Cloudflare customers over the coming weeks.
Jul 28, 2021 1,239 words in the original blog post.
Cloudflare has introduced Crawler Hints, a new feature designed to reduce energy consumption and carbon output on the internet by minimizing unnecessary web crawling. The company estimates that excessive bot traffic generates 26 million tonnes of carbon cost per year, which could be reduced by ensuring search engine crawlers only visit websites when content has changed or been added. Crawler Hints provides high-quality data to search engine crawlers on when content has been modified, allowing them to time their crawling more efficiently and reduce resource consumption for both customers' origins and Cloudflare infrastructure. The feature also aims to improve the quality of search results by providing search engines with up-to-date information about website changes.
Jul 28, 2021 2,018 words in the original blog post.
Cloudflare has recently switched to using Arm server CPUs for its servers, resulting in a 57% increase in internet requests processed per watt compared to their previous AMD Rome CPUs. This change is part of the company's ongoing efforts to improve energy efficiency and reduce its carbon footprint. The new Arm-based processors, designed by Ampere, have shown significant improvements over x86 CPUs, which continue to dominate global data center energy consumption. Cloudflare hopes that this move will encourage other manufacturers to prioritize energy efficiency in their designs.
Jul 27, 2021 381 words in the original blog post.
Cloudflare has partnered with the Green Web Foundation (GWF) to ensure its Pages infrastructure is powered by 100% renewable energy. As part of this collaboration, all websites hosted on Cloudflare Pages are automatically listed on GWF's public global directory as official green hosts. Customers can verify their site's green hosting status using the Green Web Check tool and display a GWF badge to showcase their contributions to a more sustainable Internet. This partnership is part of Cloudflare's commitment to helping customers achieve their sustainability goals through its products, including the Carbon Impact Report and Green Compute on Cloudflare Workers.
Jul 27, 2021 576 words in the original blog post.
Matthew Prince, co-founder of Cloudflare, shares how the company has become environmentally friendly by design while not originally intending to reduce its environmental impact. Through efficiency and strategic partnerships with ISPs around the world, Cloudflare has managed to make significant strides in reducing carbon output. The company is now committing to be carbon neutral by 2022 and purchasing offsets for all historical carbon emissions from powering their global network. Additionally, they are ramping up deployment of hyper-efficient servers, offering developers a way to optimize for the environment with no additional cost, and working on an open standard to minimize excessive crawl traffic.
Jul 27, 2021 1,068 words in the original blog post.
Cloudflare has announced its commitment to powering its network with 100% renewable energy and aims to remove all greenhouse gases emitted since its launch in 2010 by 2025. The company is also releasing its first annual carbon emissions inventory report, which provides details on how it calculates its carbon emissions and renewable energy purchases. Cloudflare's commitment aligns with international standards such as the Greenhouse Gas (GHG) Protocol and ISO 14064, as well as industry best practices like RE100. The company is also exploring new products and ideas to leverage its network for better climate outcomes.
Jul 27, 2021 1,302 words in the original blog post.
Cloudflare introduces Green Compute, a feature that enables developers to run their compute workloads exclusively on parts of the edge network powered by renewable energy. This is achieved without any additional time, work, or complexity for users. The concept is simple: when turned on, all Cron-triggered Workers will be run on hardware located in facilities powered by renewable energy. Green Compute ensures that not only Cloudflare's network equipment but also the building facility as a whole are powered by renewable energy. This feature aims to bring sustainable computing to users without any additional effort or changes required.
Jul 27, 2021 737 words in the original blog post.
Cloudflare has introduced a new tool called Carbon Impact Report to help users understand the environmental impact of operating their websites, applications, and networks on its platform. The report outlines the carbon savings of using Cloudflare's network compared to average internet usage. Users can access this information through their Cloudflare dashboard. This feature is available for all plans and users. The company aims to provide more transparent information on carbon use, savings, and improvement suggestions in the future.
Jul 27, 2021 917 words in the original blog post.
Cloudflare has launched Project Pangea, a program that provides secure, performant, and reliable access to the Internet for community networks supporting underserved communities. The company is offering its suite of network services, including Cloudflare Network Interconnect, Magic Transit, and Magic Firewall, for free to nonprofit community networks, local networks, or other networks primarily focused on providing internet access to local underserved or developing areas. This initiative aims to help build an Internet for everyone by reducing the cost for communities to connect to the Internet while ensuring industry-leading security and performance functions are built-in.
Jul 26, 2021 2,272 words in the original blog post.
Roderick Fanou shares his journey of joining Cloudflare as a Systems Engineer in Austin, Texas after facing challenges accessing the internet during his travels through West Africa. He pursued studies in telecoms and conducted research on internet characteristics and routing dynamics in Africa. His experience led him to believe that more local content, support for local communities, and enabling developing regions are necessary. Fanou is excited about Cloudflare's Project Pangea, which aims to improve security and connectivity for community networks at no cost. He encourages stakeholders in developing regions to enquire about the project and partner with Cloudflare.
Jul 26, 2021 942 words in the original blog post.
Cloudflare introduces its newest Employee Resource Group (ERG), Flarability, which focuses on accessibility for people with disabilities. The group began as a conversation between colleagues who noticed the need for more inclusive workspaces and has grown to provide resources, support, and advocacy for employees with disabilities. Flarability's mission is to curate and share information about disabilities, create a community space for those with disabilities and their allies, and guide Cloudflare's accessibility programs. The group has partnered with the company's Places Team to ensure that future office spaces are designed with inclusivity and accessibility in mind. Members of Flarability share personal stories about how workplace accessibility initiatives have impacted them and emphasize the importance of self-advocacy for individuals with disabilities. The group plans to continue growing its membership, supporting company initiatives, and collaborating with other ERG leaders from various companies.
Jul 26, 2021 1,168 words in the original blog post.
The global Internet performance varies greatly across geographies, with some regions experiencing slow speeds and high latency due to factors such as ISP concentration and routing inefficiencies. In the United States, for example, median download speeds range from 142 Mbps in New York City to just 36 Mbps in San Francisco. France has a more even distribution of performance across its cities, with Paris having the highest speed at 107 Mbps and Marseille having the lowest speed at 85 Mbps. Brazil's median download speeds range from 24 Mbps in Campinas to just 3 Mbps in some parts of the Amazon region. South Africa has a similar distribution, with Johannesburg having the highest speed at 106 Mbps and Siyancuma having the lowest speed at 5 Mbps. In Alabama, USA, there is a strong positive correlation between more competition among ISPs and faster performance. Additionally, poor routing or "tromboning" can contribute to inefficiency and drive up the cost of Internet access. To improve global Internet performance, initiatives that promote more competition among ISPs and encourage more networks to interconnect in more places are needed. Reference(s): https://www.cloudflare.com/learning/network-layer/what-is-an-isp/ https://en.wikipedia.org/wiki/Internet_infrastructure https://en.wikipedia.org/wiki/Tromboning_(computing) https://ripe79.ripe.net/presentations/143-RISATLAS_20200518.pdf https://www.cloudflare.com/blog/project-pangea/ https://en.wikipedia.org/wiki/Internet_infrastructure#Interconnection_hubs ```
Jul 26, 2021 3,925 words in the original blog post.
Matthew Prince, co-founder of Cloudflare, shares the company's journey from starting as a business driven by market trends to becoming a mission-driven organization focused on building a better internet for everyone. The turning point came when they realized that their free service was helping small organizations with limited resources who faced large cyberattacks. This led them to launch projects like Project Galileo, Athenian Project, and Fair Shot, aimed at protecting important work, elections, and equitable vaccine distribution. As part of their first Impact Week, Cloudflare will announce initiatives focused on environmental sustainability, internet accessibility, and network health monitoring.
Jul 25, 2021 1,262 words in the original blog post.
A recent blog post highlighted a vulnerability in cdnjs, a platform that utilizes Cloudflare's services for hosting JavaScript, CSS, images, and fonts assets with over 4,000 libraries available. The issue allowed arbitrary code execution, potentially enabling modification of assets. Upon receiving the report, Cloudflare immediately took action to block exploitation, investigate potential abuse, and remediate the vulnerability. No existing libraries were modified using this exploit, and all assets hosted on cdnjs remained intact. The incident began with a package published by RyotaK exploiting the vulnerability, which led to GitHub alerting Cloudflare of exposed secrets. Within an hour, Cloudflare disabled the auto-update service and revoked all credentials. A new version of the auto-update tool was released within 24 hours. The security team reviewed access logs, API token usage, and file modification metadata, concluding that only RyotaK exploited this vulnerability during his research on test files. To prevent similar issues from being exploited in the future, Cloudflare implemented an AppArmor profile for its auto-update tool and redesigned the entire pipeline to isolate each step and library it processes. The company remains committed to maintaining a strong security posture through regular internal reviews, third-party audits, and encouraging vulnerability disclosure reports via HackerOne.
Jul 24, 2021 1,355 words in the original blog post.
The article discusses the pricing model of Amazon Web Services (AWS) for data transfer, also known as bandwidth or egress fees. It explains that while AWS initially improved flexibility and scalability in web hosting services, its pricing model has been criticized for being opaque and disadvantageous to customers. The author compares AWS's charging based on "stocks" (the amount of data delivered) with the industry standard of paying for "flows" (network capacity). They argue that this discrepancy leads to significant markups in egress fees, which have not decreased proportionally to falling wholesale bandwidth prices. The article also highlights AWS's refusal to join the Bandwidth Alliance and its resistance to passing on savings from peering with other networks to customers. It concludes by expressing hope that AWS will reconsider its pricing model and join the majority of the hosting industry in offering more equitable fees for data transfer.
Jul 23, 2021 1,675 words in the original blog post.
The article discusses high egress fees in the cloud industry that can lock customers into one provider and prevent them from choosing best-of-breed services or negotiating prices. To combat this, Cloudflare launched the Bandwidth Alliance with over fifteen partners who have agreed to reduce egress fees for data transfer. This alliance leverages Cloudflare's extensive network of more than 206 data centers globally and its interconnections with thousands of networks worldwide. The Bandwidth Alliance has provided significant benefits to customers in terms of cost savings and choice across their computing, storage, and other service needs.
Jul 23, 2021 1,060 words in the original blog post.
Cloudflare Workers has introduced usage notifications to provide users with insights about their serverless applications' traffic and performance. These notifications come in two forms: a weekly summary of the most popular workers, including total request counts, duration, egress data transfer, and median CPU time; and an on-demand notification triggered when a worker's CPU usage is 25% above its average over the previous seven days. The new feature aims to help users proactively manage their applications and catch significant changes in traffic or code. Currently, notifications are enabled by default for new free accounts but can be customized or disabled as needed. Cloudflare plans to gather user feedback before rolling out these notifications by default for all accounts.
Jul 22, 2021 721 words in the original blog post.
Cloudflare has expanded its presence in China through a partnership with JD Cloud, the cloud division of Chinese internet giant JD.com. The company's new China Network built on JD Cloud's infrastructure offers significant performance and security improvements compared to the previous in-country network. Key innovations include serving DNS inside China for faster response times and improved reliability, as well as mitigating DDoS attacks within the country through edge-based mitigation systems and remote signaling to Chinese ISPs. These advancements have resulted in a 30% performance boost for customers using Cloudflare's services in China.
Jul 22, 2021 1,444 words in the original blog post.
Cloudflare has announced a 25+ city partnership with one of Brazil's largest ISPs. This marks one of the largest simultaneous single-country expansions for the company and will significantly improve internet experience in Brazil. The expansion is part of Cloudflare's mission to help create a better internet, not just for major population centers or Western markets. The 25th percentile latency of non-bot traffic has already more than halved as new cities have gone live, with further improvements expected. This partnership will bring benefits to Latin America and is part of Cloudflare's ongoing global network expansion efforts.
Jul 21, 2021 437 words in the original blog post.
Recent weeks have witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world, including one of the largest petroleum pipeline system operators, and one of the world’s biggest meat processing companies. The latest attacks on Internet properties ranging from wineries, professional sports teams, ferry services and hospitals has brought them from just being background noise to front page headlines affecting our day-to-day lives. In fact, recent attacks have propelled ransomware and DDoS to the top of US President Biden’s national security agenda. The DDoS attack trends observed over Cloudflare’s network in 2021 Q2 paint a picture that reflects the overall global cyber threat landscape. Over 11% of surveyed customers who were targeted by a DDoS attack reported receiving a threat or ransom letter threatening in advance, in the first six months of this year. Emergency onboarding of customers under an active DDoS attack increased by 41.8% in 2021 H1 compared to 2020 H2. HTTP DDoS attacks targeting government administration/public sector websites increased by 491%, making it the second most targeted industry after Consumer Services whose DDoS activity increased by 684% QoQ. China remains the country with the most DDoS activity originating from within their borders — 7 out of every 1,000 HTTP requests originating from China were part of an HTTP DDoS attack targeting websites, and more than 3 out of every 100 bytes that were ingested in our data centers in China were part of a network-layer DDoS attack. Emerging threats included amplification DDoS attacks that abused the Quote of the Day (QOTD) protocol which increased by 123% QoQ. Additionally, as the adoption of QUIC protocol continues to increase, so do attacks over QUIC — registering a whopping 109% QoQ surge in 2021 Q2. The number of network-layer DDoS attacks in the range of 10-100 Gbps increased by 21.4% QoQ. One customer that was attacked is Hypixel, an American gaming company. Hypixel remained online with no downtime and no performance penalties to their gamer users, even when under an active DDoS attack campaign larger than 620 Gbps. In terms of bit rate, attacks under 500 Mbps constituted a majority of all DDoS attacks observed in 2021 Q2. Similarly, looking from the lens of packet rate, nearly 94% of attacks were under 50K pps. Even though attacks from 1-10M pps constituted only 1% of all DDoS attacks observed, this number is 27.5% higher than that observed in the previous quarter, suggesting that larger attacks are not diminishing either -- but rather increasing. In other cases, attackers generate small DDoS attacks as proof and warning to the target organization of the attacker’s ability to cause real damage later on. It’s often followed by a ransom email to the target organization, demanding payment to avoid suffering an attack that could more thoroughly cripple network infrastructure. This highlights the need for an always-on, automated DDoS protection approach. DDoS protection services that rely on manual re-routing, analysis and mitigation may prove to be useless against these types of attacks because they are over before the analyst can even identify the attack traffic. Distribution by attack duration shows that over 97% of all DDoS attacks lasted less than an hour. Short burst attacks may attempt to cause damage without being detected by DDoS detection systems. DDoS services that rely on manual analysis and mitigation may prove to be useless against these types of attacks because they are over before the analyst even identifies the attack traffic. In terms of attack vectors, attacks utilizing SYN floods and UDP-based protocols remain the most popular methods by attackers. Emerging threats included amplification DDoS attacks that abuse the Quote of the Day (QOTD) service which increased by 123% QoQ. In 2021 Q2, our data center in Haiti observed the largest percentage of network-layer DDoS attack traffic, followed by Brunei and China. Ransomware and ransom DDoS threats are impacting most industries across the globe — the financial industry, transportation, oil and gas, consumer goods, and even education and healthcare. Entities claiming to be ‘Fancy Lazarus’, ‘Fancy Bear’, ‘Lazarus Group’, and ‘REvil’ are once again launching ransomware and ransom-DDoS attacks against organizations’ websites and network infrastructure unless a ransom is paid before a given deadline. Cloudflare’s recommendation for organizations that receive a threat or ransom note: Do not panic, and we recommend you do not pay the ransom: Paying ransom only encourages and funds bad actors. There’s also no guarantee that you won’t be attacked again anyway. Contact local law enforcement: Be ready to provide a copy of the ransom letter you received and any other logs or packet captures. Activate an effective DDoS protection strategy: Cloud-based DDoS protection can be quickly onboarded in the event of an active threat, and with a team of security experts on your side, risks can be mitigated quickly and effectively. At Cloudflare, our teams have been exceptionally busy this past quarter rapidly onboarding (onto our Magic Transit service) a multitude of new and existing customers that have either received a ransom letter or were under an active DDoS attack. One such customer is Hypixel Inc, the development studio behind the world's largest Minecraft minigame server. With over 24M total unique logins to date and a world record 216,000+ concurrent players on PC, the Hypixel team works hard to add value to the experience of millions of players across the globe. DDoS attacks constitute just one facet of the many cyber threats organizations are facing today. As businesses shift to a Zero Trust approach, network and security buyers will face larger threats related to network access, and a continued surge in the frequency and sophistication of bot-related and ransomware attacks. Cloudflare offers an integrated solution that comprises an all-star cast featuring the following to name a few: DDoS protection, Web Application Firewall (WAF), Zero Trust security model, and holistic web protection.
Jul 20, 2021 3,205 words in the original blog post.
Load balancing is a functionality that has been around for 30 years and helps businesses leverage their existing infrastructure resources by steering traffic away from unhealthy origin servers and distributing traffic load based on different algorithms. Today, customers look for easy-to-use load balancers with quick propagation of changes and feature flexibility to meet the unique needs of different businesses. Cloudflare has introduced custom rules for its Load Balancing solution, allowing users to create complex, custom rules to direct traffic. This provides more granular control over traffic steering and origin selection decisions, catering to various use cases such as high-volume transactions for ecommerce or load balancing across multiple DNS vendors to support privacy and security. The new feature is built on top of the open-source wirefilter execution engine, which also powers Firewall Rules.
Jul 16, 2021 1,764 words in the original blog post.
Cloudflare uses Kubernetes to manage diverse services at its edge locations, with five geographically distributed clusters and hundreds of nodes in their largest cluster. These clusters are self-managed on bare-metal machines, which provides flexibility but also requires manual handling of node failures. One common issue is the accumulation of network interfaces owned by the Container Network Interface (CNI) plugin, which can cause a node to become unhealthy. To address this problem and other similar issues, Cloudflare developed Sciuro, an open-source tool that synchronizes Kubernetes node conditions with currently firing alerts in Alertmanager. This allows for automatic remediation of nodes based on existing monitoring and alerting infrastructure. The team has successfully used automatic node remediation to manage 571 nodes in the past 30 days, saving considerable human effort and reducing time to repair for some issues. Sciuro is now available on GitHub, and Cloudflare is looking for more people passionate about Kubernetes to join their team and contribute to its development.
Jul 15, 2021 2,302 words in the original blog post.
The recent Italy-England match during EURO 2020 was a thrilling event with an intense penalty shootout. Cloudflare has been tracking web traffic related to the tournament, revealing interesting patterns in UK visits to sports newspapers after key matches and increased interest in England's team sponsors following their defeat. Italian fans showed even greater enthusiasm for their team's success, resulting in higher traffic to Italy's team sponsor websites.
Jul 12, 2021 193 words in the original blog post.
Cloudflare has introduced Origin Error Rate notifications, a new feature designed to detect and notify users when the company sees elevated levels of 5xx errors from their origin. Unlike previous alerts that only notified users when every request to an origin returned a 521 error for five minutes, this new system uses anomaly detection to identify spikes in error rates and alert users before issues become widespread. The feature is based on Service Level Objectives (SLOs), which are defined metrics and values agreed upon between customers and service providers. Users can choose their desired SLO and the Internet properties they want to monitor, with options for high, medium, or low sensitivity.
Jul 08, 2021 1,279 words in the original blog post.
Cloudflare's Transform Rules allow users to modify HTTP/HTTPS requests without using Cloudflare Workers. This feature is useful for normalizing URLs, rewriting URL paths and queries, and modifying headers based on different conditions and logic. The rules cover three main areas: URL Normalization, URL Rewrite, and Header Modify. URL Normalization transforms encoded URLs to a standard format before applying security features, while URL Rewrite allows for both static and dynamic rewrites of the URL's path and/or query string. Header Modify enables users to add or remove static or dynamic headers based on various attributes of the request. These rules can be easily configured without requiring any scripts, offloading the heavy lifting from origin servers.
Jul 07, 2021 1,297 words in the original blog post.
Cloudflare and Microsoft Azure have partnered to provide a lower cost data transfer solution for mutual customers through the Microsoft Routing Preference service. This integration benefits from the global interconnectivity between both networks, offering predictable performance and reduced costs. The process is seamless and can be enabled in three simple steps on the Azure dashboard. Customers are already enjoying these benefits, which include cost optimization and vendor flexibility.
Jul 06, 2021 765 words in the original blog post.
In May, Cloudflare celebrated APAC Heritage Month through various events and content focusing on sharing stories and experiences of their community members. The initiative was a collaboration between Desiflare and Asianflare, Employee Resource Groups for employees of Asian descent. They hosted several segments to highlight the strong culture and heritage with moderated panels, featuring leaders in the industry of APAC descent around the world discussing their journey and struggles. The events covered topics such as the Asian American experience, youth experiences, culinary explorations, career stories, and more. The goal was to bring visibility to diverse APAC experiences and inspire others through these narratives.
Jul 05, 2021 1,555 words in the original blog post.
A cybersecurity advisory has been published by international security agencies warning about widespread attacks against government and private sector targets worldwide since mid-2019. These attacks involve brute force access attempts, network traversal using known vulnerabilities, and deployment of remote shells for gathering additional information. In response to this ongoing threat, Cloudflare has accelerated the release timeline of its WAF mitigations and exposed credential check feature to protect its customers. The company is also encouraging users to implement additional best practices such as multi-factor authentication, account time-out and lock-out features, and stronger methods of authentication that require "having" something like a hard token or client certificate.
Jul 01, 2021 1,029 words in the original blog post.