Cross-site scripting is now responsible for 40 percent of all web attacks -- here's what you need to know


A new report from edge cloud platform Fastly shows that cross-site scripting (XSS) now makes up 40 percent of all web attacks, up from 21 percent two years ago.
High-tech companies have been targeted the most, representing 35 percent of observed attacks, followed closely by the commerce sector with 31 percent. The top sources of attack traffic were large hosting providers, with Amazon alone accounting for 28 percent of overall volume.
In addition, 28 percent of all observed attacks originated from IPs listed on Fastly's NLX, a shared, real-time threat feed of confirmed malicious IPs.
"What stands out isn't the sophistication of attacks, but the opportunistic behavior of the attackers," says Simran Khalsa, staff security researcher at Fastly. "Rather than developing new exploits, many attackers continue to recycle the same techniques, relying on the likelihood that some systems remain unpatched or misconfigured."
While vendor narratives often focus on sophisticated, novel threats, Fastly's data shows that most attacks are broad in scope, reusing the same tactics, infrastructure, and tools across multiple targets. These attacks are noisy, repetitive, and often leave clear signals, underscoring the effectiveness of Fastly's proactive approach to security.
Among other findings, across all Fastly customers, account takeover attempts using compromised passwords averaged over 1.3 million per day, driven in part by the use of proxy services to automate activities.
Bot management data reveals that over a third (37 percent) of all observed traffic came from bots, while 63 percent originated from human users.
The full report is available from the Fastly site.
Image credit: Yuri Arcurs/Dreamstime.com