Home / Companies / Cloudflare / Blog / June 2024

June 2024 Summaries

19 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
The Biden vs Trump debate influenced Internet traffic at the state level in the US, with drops in traffic as high as 17% (in Vermont) during the debate. Microblogging and video streaming platforms saw traffic changes during the debate. Trump-related sites, including donation platforms, gained much more traction than Biden’s during and after the debate. Emails with “Trump” in the subject had higher rates of spam and malicious content compared to those with “Biden.” No increase in cyberattacks during the debate, but frequent DDoS attacks targeted government and political sites in the preceding months.
Jun 28, 2024 1,826 words in the original blog post.
Cloudflare's Hyperdrive recently added support for Postgres protocol-level named prepared statements across pooled connections. Named prepared statements allow Postgres to cache query execution plans, providing potentially substantial performance improvements. This feature is now available to users without needing any significant changes to their applications. The implementation of this feature in Hyperdrive involved challenges such as buffering messages and taking a connection from the pool while maintaining transparency for clients and servers.
Jun 28, 2024 2,411 words in the original blog post.
Cloudflare introduces a novel method of function calling that co-locates LLM inference with function execution, along with a new ai-utils package for enhancing the developer experience. This follows their mid-June announcement on traditional function calling, which allows users to leverage an LLM to generate structured outputs and pass them to an API call. The goal is to make building with AI as easy as possible by offering open-source model inference and a great developer experience. With embedded function calling and the ai-utils package, developers can create intelligent AI agents more easily, opening up endless possibilities.
Jun 27, 2024 1,253 words in the original blog post.
On June 20, 2024, two independent events caused an increase in latency and error rates for Internet properties and Cloudflare services lasting 114 minutes. The first event was due to network monitoring detecting performance degradation, causing backbone congestion between 17:33 and 17:50 UTC. The second event occurred when a new DDoS mitigation mechanism deployed between 14:14 and 17:06 UTC triggered a latent bug in the rate limiting system that allowed a specific form of HTTP request to cause a process handling it to enter an infinite loop between 17:47 and 19:27 UTC. The impact from these events was observed in many Cloudflare data centers around the world. To prevent similar problems from occurring again, Cloudflare has made changes to its systems and processes.
Jun 26, 2024 2,760 words in the original blog post.
Polyfill.io, a popular JavaScript library service, has been reported to be used for injecting malicious code into users' browsers, posing a threat to the internet due to its widespread use. To mitigate this risk, Cloudflare has released an automatic JavaScript URL rewriting service that replaces any link to polyfill.io with a link to their mirror under cdnjs. This feature is automatically activated for free plan customers and can be turned on with a single click for paid plan customers. It is recommended to remove the use of polyfill.io and replace it with a secure alternative, even if not using Cloudflare.
Jun 26, 2024 1,287 words in the original blog post.
Password reuse is a significant security risk, as it allows attackers to gain access to multiple accounts using just one compromised password. To address this issue, Cloudflare has introduced a feature that automatically checks whether customers' passwords have appeared in an attacker's list. If a leaked password is detected, users will be prompted to change their password immediately. Additionally, the best way to protect any Internet account is by adding two-factor authentication (2FA), which provides comprehensive defense against credential stuffing attacks. Cloudflare encourages users to adopt unique passwords and 2FA for improved account security.
Jun 24, 2024 1,425 words in the original blog post.
Bots using residential proxies are a significant challenge for security engineers trying to combat online abuse. Advanced bots can bypass country blocks and rate-limiting, making it difficult to identify malicious traffic. Cloudflare's new Bot Management machine learning model (v8) identifies residential proxy abuse without resorting to IP blocking, which can cause false positives for legitimate users. The model focuses on two areas of abuse: attacks leveraging residential IP proxies and those originating from cloud providers. By using a combination of network-level discrepancies and behavioral signals, the new machine learning model detects residential proxy traffic on a per-request basis while allowing benign residential users to visit Cloudflare-protected websites.
Jun 24, 2024 2,299 words in the original blog post.
Cheating on exams has become easier with the growth of mobile connectivity and social media, leading some governments to take aggressive action to prevent it. In recent years, Syria, Iraq, and Algeria have implemented nationwide internet shutdowns during exam periods as a measure against cheating. However, these shutdowns have been criticized for their broad negative impact on society. Some governments are now turning to more nuanced techniques such as content blocking or connection tampering, which can be just as disruptive as full shutdowns. The exact methods used by these countries to implement internet disruptions remain difficult to identify from the outside.
Jun 21, 2024 3,133 words in the original blog post.
The UEFA Euro 2024 tournament has been found to significantly impact Internet traffic in European countries with national teams participating. On average, traffic dropped by 6% during games in these nations. Countries such as the Netherlands, Turkey, Belgium, Croatia, Slovakia, Serbia, and host Germany experienced a significant decrease in HTTP requests during their national team matches, with some countries experiencing a drop of at least 12%. Traffic to social media services usually goes up during half-time and before and after these games. Internet traffic tends to decrease for websites related to productivity tools, business and financial services during Euro 2024 games.
Jun 21, 2024 981 words in the original blog post.
Stream has introduced an AI-generated caption feature for its customers' on-demand videos and live stream recordings. This new functionality is integrated into the existing video management workflow, making it easier to add captions and enhance accessibility. The solution is designed with privacy and data protection in mind, ensuring that users' content remains secure within Cloudflare's ecosystem throughout the caption generation process. Currently, only English captions can be generated for videos shorter than 2 hours during the beta phase.
Jun 20, 2024 1,274 words in the original blog post.
The author is joining Cloudflare as Vice President of Sales for the US, Canada, and Latin America. They have previously led sales teams at IBM and Cisco, driving billions in revenue. They believe that Cloudflare has a unique opportunity to help businesses navigate technological change, particularly in cloud computing, AI, and cybersecurity. The author sees potential for significant growth at Cloudflare, similar to their experience at Cisco. Their focus will be on driving predictable, profitable revenue while maintaining high standards for talent. They emphasize the importance of customer-centricity and understanding customers' challenges, product combinations, and competition. The author is excited about Cloudflare's mission to help build a better Internet and its commitment to offering free services to vulnerable voices online through Project Galileo.
Jun 20, 2024 791 words in the original blog post.
Cloudflare launched Project Galileo 10 years ago, providing security services at no cost to over 2,600 independent journalists and nonprofit organizations worldwide that support human rights, democracy, and local communities. The program originated from a mistake in which an important Ukrainian newspaper was kicked off the Internet during Russia's invasion of Ukraine due to a DDoS attack. Since then, Project Galileo has grown significantly, protecting more than 2,600 entities across 111 countries and partnering with 54 civil society organizations. The program offers free security services to participants, including protection against nation-states, ransomware, and phishing attacks. Collaboration between Cloudflare, civil society groups, government, and industry partners has been crucial in expanding protections for at-risk organizations.
Jun 12, 2024 2,408 words in the original blog post.
In November 2023, Australia unveiled its Australian Cyber Security Strategy for 2023-2030, emphasizing the need for private sector collaboration to protect smaller at-risk entities. Cloudflare and Critical Infrastructure - Information Sharing and Analysis Centre (CI-ISAC) have partnered to support Australia's General Practitioner (GP) clinics through Project Secure Health. This initiative offers free membership in CI-ISAC, threat intelligence products and services, as well as key Cloudflare services such as Gateway and Access for eligible GP Clinics with fewer than 50 staff members. The goal is to help these small but essential healthcare entities protect patient data from cyber threats like data breaches, ransomware attacks, phishing scams, and insider threats.
Jun 11, 2024 643 words in the original blog post.
The 2024 European Parliament election saw a significant impact on Internet traffic, with hundreds of millions of Europeans from 27 EU countries electing 720 members. Central European countries experienced the highest drop in internet traffic during voting hours, while Southern and Eastern Europe had moderate to significant drops. After voting ended, there was an increase in HTTP requests as election results were announced. Cyberattacks on government websites in the EU have been a growing concern, with 8.6 billion threats mitigated between January and June 2024.
Jun 10, 2024 1,735 words in the original blog post.
The year 2024 is being called "the" year of elections, with more voters than ever going to the polls in at least 60 countries for national elections, plus the 27 member states of the European Union. This includes eight of the world's ten most populous nations, impacting around half of the world's population. To track and analyze these significant global events, a 2024 Election Insights report has been created on Cloudflare Radar, which will be regularly updated as elections take place. The data shows that during elections, there is often a decrease in Internet traffic during polling hours, followed by an increase as results are announced. This trend has been observed before in countries like France and Brazil, and more recently in Mexico and India. Some regions, like Comoros and Pakistan, have experienced government-directed internet disruptions around election time. The report also highlights the ongoing threat to critical infrastructure across Europe, with government sites frequently targeted by cyberattacks.
Jun 07, 2024 2,236 words in the original blog post.
The 2024 European Parliament election commenced in the Netherlands on June 6 and will continue through June 9 across other EU countries. Cyberattacks, specifically DDoS attacks, have been observed targeting multiple election or politically-related Internet properties during this period. Notably, a pro-Russian hacker group called HackNeT claimed responsibility for the cyberattacks on Dutch political party websites. Cloudflare systems detected and mitigated these attacks, which reached over 1 billion HTTP requests in the Netherlands. The main DDoS attack peaked at 73,000 requests per second (rps) on June 5. Geopolitical motivations often influence cyberattacks during elections or times of conflict.
Jun 06, 2024 581 words in the original blog post.
In celebration of its 10th anniversary, Cloudflare has released the Project Galileo 10th anniversary Radar dashboard to provide insights into the experiences of organizations working in public interest when it comes to keeping their websites online. The report highlights that between May 1, 2023, and March 31, 2024, Cloudflare blocked 31.93 billion cyber threats against organizations protected under Project Galileo, averaging nearly 95.89 million cyber attacks per day over the 11-month period. Journalism and media organizations were found to be the most attacked, accounting for 34% of all attacks targeting Internet properties protected under Project Galileo in the last year. The report also covers various case studies on protecting free speech and a free press, as well as protecting organizations during times of conflict.
Jun 06, 2024 1,195 words in the original blog post.
Between June 6-9, 2024, millions of European Union citizens will participate in the European Parliament elections, one of the largest democratic exercises globally. Ensuring a secure and fair electoral process is a top priority for EU institutions, national governments, and cybersecurity agencies across the EU. The NIS Cooperation Group has issued an updated Compendium on safeguarding the elections amidst cybersecurity challenges, highlighting new risks such as AI-enabled information manipulation and increased sophistication of threat actors. Cloudflare is well positioned to support governments and political campaigns in managing large-scale cyber attacks through its Athenian Project, which provides free protection for election entities worldwide.
Jun 05, 2024 1,786 words in the original blog post.
Cloudflare recently migrated its logging pipeline from syslog-ng to OpenTelemetry Collector. The migration aimed to replace the existing infrastructure as transparently as possible and involved building four internal components for the initial version of the collector. Reasons for this shift included the ability to contribute improvements more easily, better support for Post-Quantum cryptography libraries, built-in support for Prometheus metrics, and unification onto one daemon for all types of telemetry. The migration process involved building an internal distribution of OpenTelemetry Collector using OCB (OpenTelemetry Collector Builder), creating custom components like cfjs1exporter, fileexporter, externaljsonprocessor, and ratelimit processor, and deploying the collector to both edge and core data centers. Lessons learned during this process included addressing failover issues and minimizing cutover delays. Future improvements include better handling for log sampling, insights for engineering teams on telemetry production, migration to OTLP as a line protocol, and upstreaming of custom components.
Jun 03, 2024 2,146 words in the original blog post.