Post Syndicated from João Tomé original https://blog.cloudflare.com/radar-2024-year-in-review-internet-services

Since the late 1990s, millions have relied on the Internet for searching, communicating, shopping, and working, though 2.6 billion people (about 31% of the global population) still lack Internet access. Over the years, use of the Internet has evolved from email and static sites to social media, streaming, e-commerce, cloud tools, and more recently AI chatbots, reflecting its constant adaptation to users’ needs. This post explores how people interacted online in 2024, based on Cloudflare’s observations and a review of the year’s DNS trends.

Building on similar reports we’ve done over the past several years, we have compiled a ranking of the top Internet properties of 2024, with the same categories included in 2023, including Generative AI. In addition to our overall ranking, we chose 9 categories to focus on:

1. Generative AI

2. Social Media

3. Ecommerce

4. Video Streaming

5. News

6. Messaging

7. Metaverse & Gaming

8. Financial Services

9. Cryptocurrency Services

As we have done since 2022, our analysis uses anonymized DNS query data from our 1.1.1.1 public DNS resolver, used by millions globally. We aggregate domains for each service (e.g., twitter.com, t.co, and x.com for X) and identify the sites that provide services to humans, thus excluding technical domains like root-servers.net. Rankings reflect relative popularity within categories, not absolute traffic. Therefore, a drop in rank doesn’t always indicate less traffic to a specific Internet service — it may simply reflect increased competition from other services, leading to a change in rank.

This part of the 2024 Cloudflare Radar Year in Review highlights shifts in Internet services, with rising platforms like Temu, GitHub Copilot, and WeChat reflecting changing user preferences. ChatGPT (OpenAI) also played a more prominent role in the generative AI space and in our Overall ranking, nearly reaching the Top 50. Major events like the Paris Olympics and US elections influenced rankings as well, boosting Olympics-related sites and news platforms like CNN and Fox News.

Keep reading for a detailed look at the evolution of trends throughout the year. For more, visit our 2024 Cloudflare Radar Year in Review microsite. Along with the lists of most popular Internet services, the Year in Review microsite and its associated blog post explore a number of additional metrics.

Since 2021, we’ve started our review of rankings with an Overall Top 10 list, showcasing the most popular Internet services globally based on DNS traffic from our 1.1.1.1 resolver. Unsurprisingly, Google (including services like Google Maps and Google Calendar) remained the #1 Internet service in 2024. Since introducing our ranking method two years ago, no other service has come close to challenging Google’s top spot. It’s important to note that Apple and Microsoft are similar to Google in that their main domains (apple.com or microsoft.com) are used for many different services. We include other services separately, such as Outlook or iCloud, which use their own specific domains.

1. Google

2. Facebook

3. Apple

4. TikTok

5. Amazon Web Services

6. Microsoft

7. Instagram

8. YouTube

9. Amazon

10. WhatsApp

Beyond Google, Facebook consistently held the #2 spot throughout 2024. Last year, it competed with Apple for that position. Apple, which uses domains like apple.com for services related to its software and devices, was generally #3. However, TikTok challenged that position on several days since late August. Amazon Web Services (AWS), differentiated from Amazon by domains like amazonaws.com, performed better this year compared to 2023. It held the #5 spot but often traded places with Microsoft during the year.

Instagram also rose in the rankings. It was around #8 in 2023 and steadily improved. Now, it holds the #7 spot, ahead of YouTube.

Amazon remained at #9 for most of the year, the same as in 2023. WhatsApp, owned by Meta, appeared in the Top 10 for the first time, taking the #10 spot.

Close to the Top 10 were Apple’s iCloud, Netflix (which performs better on weekends), and Microsoft’s Outlook.

In the chart below, you can follow the evolution of the top Internet services in our Overall ranking throughout the year.

In 2022, X (then known as Twitter) ranked as high as #10 in our overall ranking and was close to Instagram. It never reached the top 10 in 2023, and in 2024, X dropped further, to #14 or #15. More on X’s performance in the Social Media category below.

Generative AI gained global attention in late 2022 with the launch of ChatGPT, and became a global phenomenon during 2023. By 2024, ChatGPT (OpenAI) continues to be by far the most popular service in this category, which includes chatbots, coding bots, and more. Other generative AI services had more stable rankings compared to 2023.

1. ChatGPT (OpenAI)

2. Character.AI

3. Codeium

4. QuillBot

5. Claude (Anthropic)

6. Perplexity

7. GitHub Copilot

8. Wordtune

9. Poe

10. Tabnine

Significant changes occurred below ChatGPT’s first place ranking throughout the year. Character.AI, an AI-driven chatbot platform, maintained a strong #2 position, staying ahead of Codeium, a code-generation AI tool that has improved its position since June, and Quillbot, an AI writing and paraphrasing tool.

Claude, the AI chatbot from Anthropic, rose in the rankings, particularly after March 4, when the new model, Claude 3, was introduced, and again later in May when it became available in Europe. It reached #5 in June. Perplexity, an AI-driven search and Q&A platform, started the year outside the Top 10 but ended close to Claude. It surpassed Claude for the first time on November 6, 2024, the day after the U.S. elections, reaching #6.

This next chart shows movement among the Generative AI services that were more popular later in the year.

Several new players entered the Top 10 AI rankings in 2024, showing strong growth. GitHub Copilot, an AI-powered coding assistant, experienced the fastest rise, entering the Top 10 in September (after reaching the Top 20 in June) and staying mostly between #5 and #3 by November, as the next chart shows. Similarly, Suno AI, an AI-powered audio and music generation platform, entered the Top 10 in April, briefly dropped out, but stabilized between #6 and #10 after October — in November, it ranked #6 on weekends.

Some platforms lost ground in the rankings. Wordtune, an AI writing assistant, peaked at #4 during mid-year but declined afterward. Tabnine, another AI-powered coding assistant, held the #5 spot for months but slipped after July. In contrast, Sider AI, a coding assistant, entered the Top 20 in March and finished the year around #12. Poe, an AI chatbot platform, ranked #5 in 2023 and between #5 and #6 before June, but ended 2024 moving around #10, performing better during weekends.

Google Gemini, Google’s AI assistant and model, performed better on weekdays and started the year ranking between #7 and #10, but dropped out of the Top 10 after July as newer AI platforms gained momentum. Hugging Face, an open-source AI and machine learning platform, mostly fluctuated between #7 and #9 during the year, peaking at #4 on August 18 around the time several models were updated, and and as it reached its milestone of 5 million users. However, it fell out of the Top 10 by September.

Midjourney, an AI-powered platform for generating images, performed well until June, when it was close to the Top 10. Additionally, the OpenAI API ranked #18 in the Generative AI category on May 14-15, coinciding with OpenAI’s announcement of GPT-4o availability, including in the API.

Notable trends that we observed when looking at trends for Generative AI services within our larger Overall ranking include:

• ChatGPT continued its growth in 2024, similar to 2023. In early 2023, it ranked around #200 and ended the year near the top 100. In 2024, it started close to the top 100, reached the top 60 in May with the release of the 4o model, and has been near the top 50 since September, aligning with the return of workers and students to their routines. It ranks higher on weekdays, averaging #56, and drops on weekends.

• Comparing ChatGPT with other known and non-AI related websites, by late November, ChatGPT ranked ahead of Weather.com, Temu, eBay, Telegram, Google Calendar, and Prime Video, but trailed Disney Plus

Character.ai also showed a clear growth trend in our Overall ranking, from outside the top 200 earlier in the year, to above #180 after July, performing better in August, reaching as high as #161. The AI-driven chatbot platform performed better on weekends than on weekdays, the opposite of ChatGPT.

• Codeium entered the top 300 in July. It ranked higher on weekdays than weekends.

According to Kepios, there are an estimated 5.22 billion social media users worldwide in 2024 (up from 4.95 billion last year), representing 63.8% of the global population. Social media continues to play a major role in daily life, serving as a key platform for communication, information, and attention.

Once again, social media giants like Facebook, TikTok, and Instagram dominate, ranking among the top 10 most popular Internet services overall.

1. Facebook

2. TikTok

3. Instagram

4. X

5. Snapchat

6. LinkedIn

7. Discord

8. Kwai

9. Pinterest

10. Reddit

In the Social Media category rankings, the top seven remain unchanged from last year. However, there are notable developments in this category. In 2022, X briefly challenged Instagram for the #3 spot during a few days. Since 2023, X has held a solid #4 position, with Snapchat closing in and reaching #4 for the first time on several days in September and October.

LinkedIn stayed steady at #6, followed by Discord. Kwai, a Chinese video app popular in Brazil (with 60 million reported users) and other countries (a reported ), rose from #10 last year to #8. Further down the list, Pinterest kept its #9 rank, while Reddit, previously #8 in 2023, dropped to #10 this year, but peaked at #7 on November 26, just before Black Friday and Thanksgiving in the US. Here’s the Social Media Top 10 chart for 2024:

Our global ranking also highlights several non-Western platforms in the Top 20. These include Douyin (#11), the Chinese version of TikTok; VK (#12), often referred to as the Russian Facebook; and TikTok rivals popular in Southeast Asia SnackVideo (#13) by Chinese Kuaishou (that also owns Kwai). OnlyFans appeared consistently in the Top 20 starting in September, ranking around #18 and surpassing Tumblr by late November.

The #18 spot was briefly held by X alternative Threads (by Instagram) in late September and by Bluesky starting November 18. Mastodon-related servers reached as high as #19 for several days since late August. Here’s a look at X (on top) and its alternatives in this category:

Let’s move beyond the Social Media category to see how these platforms performed in our Overall ranking, where bigger shifts between services are evident.

As we’ve seen, Threads, Bluesky, and Mastodon (via an aggregation of popular servers) didn’t break into the Top 10 of the Social Media category. However, in the Overall ranking, Mastodon servers, bundled together, consistently ranked between #208 and #248, performing better on weekends.

Bluesky entered the Top 250 in September 2024, and gained additional attention after the US elections. It rose sharply after November 14, peaking at #193 on November 20, and has since stabilized around #220. 

Threads entered the Top 250 in August 2024, peaking at #183 on September 24 before dropping out in October. In 2023, Threads peaked at #227 in early July but fell out of the Top 250 by late August. It’s worth noting that Threads also uses Instagram’s cdninstagram.com for images and videos, which may influence Threads position in our DNS rankings (that said, Instagram wasn’t impacted by Threads appearance in our rankings).

Here are some other trends we observed among social media apps, and how they did in our Overall ranking:

• Instagram’s best day (#6 in the Overall ranking) was August 5, 2024, coinciding with the week the app was banned in Turkey.

• X’s best day of the year in our ranking was April 14, when it reached #12. This coincided with Arsenal losing the top position in the English football/soccer Premier League (the most-watched sports league in the world) to Manchester City, which went on to win its fourth title in a row. Last year, we noted how football/soccer in England impacted X’s ranking. X also reached #13 on August 9 and 10, during the final weekend of the Paris 2024 Olympics.

• X performed better on weekdays, while LinkedIn ranked higher between Mondays and Wednesdays. Snapchat and Discord performed better on weekends.

• Reddit consistently stayed in our Top 50 in 2024, showing growth from around #45 to #40 by November, with a peak at #38 on November 26. It performed better between Mondays and Wednesdays.

• Quora displayed a downward trend in our ranking, dropping from around #140 to #160. It performed better between Mondays and Wednesdays. 

• Tinder, which performs better on Sundays, started the year around #150 but eventually dropped below #160.

• Tumblr followed a similar pattern, dropping out of the Top 200, where it was in early 2024, to outside the ranking entirely since September. Tumblr performed better on weekends.

• OnlyFans showed growth in our Overall ranking, sitting around the Top 220 with a peak at #213 on December 1. It performed better on weekends.

The importance of e-commerce continues to grow, as highlighted in our recent Cyber Week 2024 blog post. Amazon leads the category, followed by Taobao, the Chinese marketplace, holding a steady #2 spot as it also did in 2023. New to #3 is AliExpress, the global online retail giant from China.

1. Amazon

2. Taobao

3. AliExpress

4. Shopify

5. Temu

6. Alibaba

7. eBay

8. Shein

9. Mercado Libre

10. Wildberries (RU)

Compared to 2023, eBay lost its #3 spot globally and dropped down to #7, despite starting 2024 at #3 for several days. AliExpress claimed #3, followed by Shopify (#4), the Canadian platform hosting numerous online stores, and Temu (#5). Temu, the low-cost, fast-fashion marketplace launched in the US in September 2022, ended 2023 at #7 but rose to #5 in 2024, occasionally reaching #4 since August. Alibaba dropped to #6 in September.

Shein, the Chinese fast-fashion brand, continued its growth and overtook Mercado Libre (#8) in November. A surprise this year was Wildberries, often called Russia’s “Amazon,”  that has been expanding to several neighboring countries (including some in Europe). It climbed to #10 in September, surpassing OLX (which held #10 for several months), Rakuten, and Lazada.

Looking at how e-commerce sites performed in our Overall ranking, we observed the following trends:

• Amazon fluctuated between #9 and #10 after October, returning to #9 on November 30 and December 1, during the Black Friday weekend. It often performed better on weekends.

• Shopify’s best day of the year was Black Friday, November 29, when it reached #55. The global e-commerce platform performed better during weekdays.

• Temu, known for low-cost products, started 2024 outside the Top 100 but climbed into the Top 70 by year-end. It performed best in late October and early November, peaking at #63, with a Black Friday spike to #65.

• Shein, the Chinese fast-fashion brand, showed growth, nearing the Top 100 in early 2024 before dropping to the Top 140 between June and October. It rebounded in November, peaking at #83 on Black Friday. A similar trend was observed in 2023, when it ended the year around the Top 120. Here’s the comparison between recent players Temu and Shein:

• eBay consistently ranked between #72 and #80, peaking at #62 on October 5-6 and again in late November, just before Black Friday. It often performed better on weekends.

• Mercado Libre, the Latin American marketplace, had its best day on Black Friday, November 29, reaching #100.

• Adidas entered the Top 250, ranking #232 on Black Friday, November 29.

• Target performed well in November, peaking at #133 on November 27, the day before Thanksgiving in the US, and at #127 on December 1. It often performed better on Sundays.

• Walmart improved its performance from September onward, with its best days on November 25-26, reaching #150.

• Ikea, the Swedish furniture retailer, peaked at #247 on June 29.

The relevance of video streaming platforms shows no signs of fading. In 2024, the Top 3 rankings stayed unchanged from 2023, with YouTube firmly holding the #1 spot, followed by Netflix. Among paid streaming services, Netflix leads, trailed by Disney Plus and Amazon Prime Video. Other paid streaming services are outside the Top 10, including, in ranked order: HBO/Max, Hulu, Peacock, and Paramount Plus.

1. YouTube

2. Netflix

3. Twitch

4. Roku

5. Disney Plus

6. Amazon Prime Video

7. Vimeo

8. Plex.TV

9. Pluto TV

10.  Bigo Live

Twitch, a live-streaming platform for gaming, kept the #3 spot, as it did in 2023 and 2022. Roku, a digital media player that also offers streaming services, ranked #4, maintaining its position from last year. Similarly, Disney Plus (#5) and Amazon Prime Video (#6) held their spots, while Hulu dropped out of the Top 10.

The creative video platform Vimeo showed clear popularity growth since May, followed by recent players like Plex TV, a media platform with streaming that performed better starting in October, and Pluto TV, a free ad-supported streaming service that also showed growth throughout the year. Bigo Live, a live-streaming social platform, entered the Top 10 rankings in May. 

Next, the Top 10 overtime perspective:

Throughout the year, Disney Plus occasionally challenged Roku, especially on weekends, a trend similar to what was observed in 2023.

Looking at how video streaming services performed in our Overall ranking, we found:

• Netflix consistently ranked #12 on most weekends, particularly Sundays, through late May and resumed the same trend after August. Netflix, Disney Plus, Prime Video, and HBO/Max were more popular on weekends, especially Sundays.

• Disney Plus ranged between #50 and #60, with a strong start to the year and a spike to #51 on September 22, coinciding with the premiere of the new Marvel show Agatha All Along.

• Prime Video had its best day in the rankings on May 25, at #56, the day the movie Bombshell with Nicole Kidman premiered on the platform.

• HBO/Max was consistently around the Top 100 until August. but dropped out after October.

• Peacock had an inconsistent presence in the Top 250 but reappeared in late July during the Paris 2024 Olympics, reaching #176 on July 28. That was one of the busiest days for Olympic events, as detailed in our blog post on the event.

• Paramount Plus was mostly outside the Top 250 this year but peaked at #216 on February 11, the day of the Super Bowl, which the platform streamed.

News organizations are vital for keeping the public informed, especially during crises. With that in mind, this ranking of news services, some of which are well-established news outlets while others are news aggregators, also highlights a few newsworthy trends.

1. Globo

2. BBC

3. NY Times

4. CNN

5. Fox News

6. Google News

7. Yahoo Finance

8. Daily Mail

9. RT

10. NewsBreak

This year’s rankings in the news category mirrored 2023 at the top. Globo, the Brazilian media giant — one of the largest in Latin America and globally — encompassing radio, TV, newspapers, and magazines, stayed #1, followed by the British BBC at #2, that operates globally and in 42 languages. 

The New York Times rose to #3 this year (it was #5 in 2023), overtaking CNN (#4) and Fox News (#5), which dropped from its position at #3 in 2023 and this year came behind CNN.

Several prominent outlets, such as the Washington Post, The Guardian, NPR, and the Wall Street Journal, fell out of the Top 10 this year. These outlets had higher rankings in late 2023 following the start of the Hamas-Israel conflict on October 7. News aggregators gained prominence, with Google News (#6) and also Yahoo Finance (#7), focused on financial news (and that came in front of Yahoo News), and NewsBreak (#10), a US-based local news app, entering the Top 10. 

The British Daily Mail, which has also expanded its focus to the US and Australia, ranked #8, followed by RT, the Russian news TV network with a global presence. RT launched its Brazil/Portuguese version in late 2023 and was recently highlighted in a report and an alert from the US Department of State regarding its global operations.

The US elections impacted rankings. CNN climbed to #2 on November 5, election day, and reached #1 on November 6, while Fox News peaked at #3. NBC News also improved, reaching #11 on November 5 and #7 the following day. Associated Press ranked #8 on November 5 as well. Here’s the News ranking:

Notable news trends we identified in our larger Overall ranking include:

• As we’ve seen in the News category, the US elections on November 5, 2024, caused CNN, Fox News, and others to jump in our rankings. This trend was also evident in the Overall ranking for the following media outlets, listed by performance. November 6 was the best day of 2024 for each:

  • CNN: #105 on November 5; #72 on November 6

  • Fox News: #153 on November 5; #92 on November 6

  • BBC: #115 on November 5, and #97 on November 6

  • NY Times: #149 on November 5; #98 on November 6

  • NBC News: #160 on November 6

  • Associated Press: #166 on November 6

  • Google News: #250 on November 5; #228 on November 6

  • Wall Street Journal: #241 on November 6

  • Washington Post: #245 on November 6

In the next chart we show rankings for CNN, Fox News, the BBC, and NY Times:

• Brazil made headlines in late February when thousands of Bolsonaro supporters protested to defend the former president against investigations. During this period, Globo moved up the rankings, reaching #60 on February 24-25, 2024.

• WP, the news aggregator from Poland, had its best day on July 26 (#188), coinciding with Polish lawmakers voting to allow security forces to use lethal weapons with “impunity”, particularly at the tense border with Belarus. WP peaked again on November 6 (#180), the day after the US elections, when the result of the election was mentioned in Poland’s parliament. Its third and final peak was on Black Friday, November 29, again at #180.

• Rambler, the Russian news aggregator, peaked at #218 on February 23, 2024, the day after the Moscow concert hall attack and the same day Vladimir Putin addressed the nation.

Messaging remains relevant, especially for specific communication purposes. Apple’s iMessage is excluded from this category because it lacks a unique domain name for traffic analysis. With that in mind, WhatsApp retained its position as the top messaging service in 2024, consistent with 2023 and 2022.

1. WhatsApp

2. QQ

3. Telegram

4. Viber

5. WeChat

6. Signal

7. LINE

8. KakaoTalk

9. eitaa.com

10. Facebook Messenger

Following WhatsApp at #2 is, for the second year in a row, the Chinese service QQ, also known as Tencent QQ, which includes games and mobile payments and is popular in Asia. Telegram, widely used in Eastern Europe and Asia, took the #3 spot from Viber in June. Viber remains popular in Eastern Europe, Asia, and the Middle East.

WeChat rose this year, securing #5 in October and surpassing Signal, which held that position for most of the year but dropped to #6 (the same position in which it ended 2023). LINE from Japan ranked #7, while new entries to the Top 10 included South Korea’s KakaoTalk (#8) and Iran’s eitaa.com (#9), a messaging application, designed for both mobile and desktop platforms, that is popular in Iran and among the Farsi (Persian) language diaspora.

Facebook Messenger rounded out the Top 10 at #10.

Here are other messaging trends from our Overall ranking:

• WhatsApp, as noted, performed better this year, growing in popularity since late July, stabilizing at #9 by mid-October, and performing better during weekdays.

• Telegram’s best days were between July 16-18, during developments in the Ukraine war, including the Russian Black Sea Fleet leaving Crimea. Telegram is widely used by thousands of Russian ‘war correspondents,’ as recently reported.

• Eitaa, the Iranian cloud-based messaging app, peaked at #185 in our Overall ranking on April 14, 2024, the day of Iranian strikes against Israel, which we covered in a blog post on Internet trends.

• WeChat spiked in our Overall ranking (#116) on July 30, 2024, coinciding with Chinese leaders pledging to tilt stimulus efforts towards consumers.

Gaming and metaverse both involve immersing players in other worlds. Leaving concepts aside, we’ve grouped gaming and the metaverse into the same category since 2022. Roblox dominated this category again in 2024, retaining its top spot, followed by Microsoft’s Xbox at #2. Epic Games, the creator of Fortnite, ranked third.

1. Roblox

2. Xbox/Xbox Live

3. Epic Games/Fortnite

4. Steam

5. PlayStation

6. Electronic Arts

7. Blizzard

8. Riot Games/League of Legends

9. Minecraft

10. Garena

Xbox/Xbox Live held #2 consistently, but Epic Games/Fortnite contested the position earlier in the year and again in November. Steam was a surprise this year, jumping to #4, ahead of PlayStation. It even rose to #2 in late March and early April, coinciding with the launch of a new demo. Other platforms on the rise included Electronic Arts, Blizzard, and Riot Games/League of Legends.

Minecraft made the Top 10 at #9, performing best on July 5, 6, and 10, when it reached #7. Garena, the Singaporean game developer and publisher, entered the Top 10 for the first time. Oculus, Meta’s VR headset and metaverse service, dropped out of the Top 10 to #11, after ending 2023 at #5. It performed better earlier in the year (until April) and in late November.

Here’s the top chart across 2024:

Here are other metaverse and gaming trends from our Overall ranking:

• Roblox’s best day in 2024 was January 21, when it reached #20. The platform performed better on weekends, especially Sundays, similar to other popular gaming platforms like Xbox/Xbox Live, Epic Games/Fortnite, Steam, and PlayStation.

• Epic Games/Fortnite’s best day was January 1, 2024.

• Xbox/Xbox Live (#37) and PlayStation (#43) had their best day on November 2, 2024, the day before the launch of the new version of the classic game Aero the Acro-Bat: Rascal Rival Revenge.

• Steam’s best day was August 24, 2024, during the week of Gamescom 2024 in Germany. Several new games were released that week, including Tactical Breach Wizards and Dustborn.

• Minecraft, celebrating its 15th anniversary in May 2024, had its best days on June 15 (#90), following the release of the Tricky Trials game update by Mojang Studios, and August 17 (#90), coinciding with the release of Minecraft: Java Edition Snapshot 24w33a.

Financial services cover everything from traditional banking to cryptocurrencies and tax tools. Stripe, the Irish-American payment platform, kept its #1 spot for the second year, after overtaking PayPal in this category in 2023.

1. Stripe

2. TradingView

3. Alipay

4. PayPal

5. Nubank (BR)

6. Binance

7. Coinbase

8. Banco do Brasil

9. Bradesco Bank

10. Itau

PayPal spent only a few days at #2 and a few others at #3 this year, but ultimately dropped to #4. TradingView, a platform specializing in tools for traders and investors, climbed to #2, followed by AliPay, the Chinese mobile and online payment platform, which secured #3.

Nubank, the Brazilian neobank (only online) and considered to be the most valuable, one of the biggest Latin America financial groups and the world’s biggest digital bank, entered the Top 10 at #5, while Binance rose to #6 (up from #8 last year). Binance also peaked at #3 on November 12-13, following the US elections, as Bitcoin reached new highs. In the crypto space, Coinbase joined the Top 10 for the first time.

Brazil’s growth in online banking, digital banks, and payments in Latin America has driven traditional banks to expand their digital presence. In 2024, Banco do Brasil, Bradesco, and Itaú performed well and rose into the Top 10, moving more than ever to the online space including in partnership with each other (as detailed in these two (1), (2) articles in Portuguese).

And here’s the crypto perspective in this Financial services category:

Next, we highlight other financial services trends from our Overall ranking:

• Stripe’s best days were just before Black Friday, on November 18-19 and November 25, reaching #81 during those days. Stripe performed better on weekends and maintained consistent rankings throughout the year.

• PayPal ranked higher around Black Friday week, peaking at #89 on November 21 and on Black Friday, November 29.

• Brazilian bank Nubank performed best a few days before Carnival in Brazil (February 10-14), reaching #87 on February 1 and 3 and #92 on February 10. It also ranked well on Black Friday, November 29, peaking at #90.

In addition to our Financial Services category, we evaluated cryptocurrency-related services specifically. Despite a few crashes over recent years, the crypto sector continued to evolve in 2024, experiencing a late-year boom, as we explore below. Binance and Coinbase retained the top two spots, while OKX climbed to #3 this year.

1. Binance

2. Coinbase

3. OKX

4. 2miners.com

5. CoinMarketCap

6. Coingecko

7. Bybit

8. Exodus

9. Tonkeeper

10. NiceHash

CoinGecko, a cryptocurrency data platform, dropped to #6, making way for OKX in late August, while new entrant 2miners.com rose to #4. CoinMarketCap ranked #5, followed by several dynamic new entrants in the Top 10:

• Bybit (#7): A cryptocurrency exchange offering spot and derivatives trading.

• Exodus (#8): A user-friendly, multi-asset cryptocurrency wallet.

• Tonkeeper (#9): A secure wallet for managing Toncoin and related assets.

NiceHash, a platform connecting cryptocurrency miners and buyers, performed better in 2023, but dropped from #5 to #10 this year.

The US elections also had an apparent effect on the Overall ranking:

• Binance entered the Top 100 for the first time on September 26, when Bitcoin surged past $65,000, driven by positive US employment data and China’s announcement of economic stimulus measures. It peaked at #97 on November 13, following the US elections and Donald Trump’s victory, as Bitcoin’s price surpassed $90,000 for the first time.

• Coinbase’s best day was November 21, reaching #131, as Bitcoin approached $100,000 (which it surpassed on December 4, although our ranking only covers up to December 1).

• OKX peaked at #149 on November 22, and CoinMarketCap reached #176 on November 23.

• CoinGecko’s best day was November 11, the week following the US elections, when it climbed to #137.

Outside the categories we reviewed as part of the Year in Review, several notable trends emerged in our Overall ranking:

• The Paris 2024 Summer Olympics (July 26–August 11, 2024) appeared in our Top 250 Overall ranking, with Olympics-related sites debuting on July 27 (#195), the first full day of events. The peak was on July 30 (#177), driven by Léon Marchand’s swimming performances and the US women’s artistic gymnastics medal, as detailed in our Olympics blog post. The final day in the Top 250 was August 11 (#217).

  
  

• Spotify ranked between #17 and #18 this year, performing best in October, spending most of the month at #17. However, as our list ends on December 1, we are not tracking the impact of the recently launched Spotify Wrapped.

• Tesla entered the Top 250 after October. Its best day was October 12 (#245), following the Cybercab robotaxi reveal. It also ranked higher on November 17 (#246), after a post-US elections stock rally.

• GitHub’s best day was November 8 (#31), coinciding with its announcement of enhanced security protocols, including mandatory two-factor authentication (2FA) for organizations.

• NBA appeared in the Top 250 until early March, with its best day on February 4, during these games.

• Nike ranked only once, on March 26 (#236), during the annual Air Max Day celebration.

• Brazil’s official Judiciary site peaked at #105 on October 6, during the first round of municipal elections.

• Ticketmaster peaked at #169 on October 8, during a major service disruption, followed by October 9 (#170), the day Australian F1 tickets went on sale.

• Intuit’s best day was April 15 (#121), US Tax Day, consistent with previous years.

• Weather.com peaked at #61 between August 4–6, during Hurricane Debby’s landfall in Florida.

• The best day for IMDb (the Internet Movie Database) was January 1 (#220).

• Example.com, a domain used for documentation purposes, ranked between #24 and #56.

The Internet continues to shape how we socialize, work, and stay informed. Our 2024 rankings highlight the enduring dominance of platforms like Google, Facebook, and TikTok, alongside the rapid rise of generative AI services like OpenAI’s ChatGPT, with new players like GitHub Copilot and Claude making strides.

In social media, X shows declining influence, while Threads, Bluesky, and Mastodon are carving out niches but remain far from overtaking established platforms. Temu continues to rise in e-commerce, while Shein and AliExpress strengthened their global positions. In cryptocurrency, Binance regained momentum as Bitcoin surged, and newer players entered the scene. Gaming saw Roblox maintain its lead, with Steam experiencing notable growth.

Events like the Paris 2024 Summer Olympics, US elections, and war-related attacks also shaped Internet trends, emphasizing how global events influence online activity. These trends mirror real-world developments and set the stage for an interconnected, tech-driven future.

On a final note, creating rankings is a team effort that comes with its own challenges and requires careful attention and frequent updates. We welcome your feedback and suggestions for new categories to explore in the Year in Review.

(Our data scientist, Sabina Zejnilovic, played a crucial role in gathering the Internet services data.)

Post Syndicated from David Belson original https://blog.cloudflare.com/radar-2022-year-in-review/

In 2022, with nearly five billion people around the world (as well as an untold number of “bots”) using the Internet, analyzing aggregate data about this usage can uncover some very interesting trends. To that end, we’re excited to present the Cloudflare Radar 2022 Year In Review, featuring interactive charts, graphs, and maps you can use to explore notable Internet trends observed throughout this past year. The Year In Review website is part of Cloudflare Radar, which celebrated its second birthday in September with the launch of Radar 2.0.

We have organized the trends we observed around three different topic areas: Traffic, Adoption, and Security. The content covered within each of these areas is described in more detail in their respective sections below. Building on the 2021 Year In Review, we have incorporated several additional metrics this year, and have also improved the underlying methodology. (As such, the charts are not directly comparable to develop insights into year-over-year changes.)

Website visualizations shown at a weekly granularity cover the period from January 2 through November 26, 2022 (the start of the first full week of the year through the end of the last full week of November). We plan to update the underlying data sets through the end of the year in early 2023. Trends for nearly 200 locations are available on the website, with some smaller or less populated locations excluded due to insufficient data.

Before we jump in, we urge anyone who prefers to see the headline stats up front and to explore the data themselves to go ahead and visit the website. Anyone who wants a more lengthy, but curated set of observations should continue reading below. Regardless, we encourage you to consider how the trends presented within this post and the website’s various sections impact your business or organization, and to think about how these insights can inform actions that you can take to improve user experience or enhance your security posture.

Traffic

Anyone following recent technology headlines might assume that the Internet’s decades-long trend of incredible growth would have finally begun to falter. In times like these, data is key. Our data indicates that global Internet traffic, which grew at 23% this year, is as robust as ever.

To determine the traffic trends over time, we first established a baseline, calculated as the average daily traffic volume (excluding bot traffic) over the second full calendar week (January 9-15) of 2022. We chose the second calendar week to allow time for people to get back into their “normal” routines (school, work, etc.) after the winter holidays and New Year’s Day. The percent change shown on the trend lines in our charts are calculated relative to the baseline value, and represents a seven-day trailing average — it does not represent absolute traffic volume for a location. The seven-day averaging is done to smooth the sharp changes seen with a daily granularity.

In addition to calculating traffic growth, our 1.1.1.1 public DNS resolver and broad global customer base enables us to have a unique view into online activity. This includes insights into the most popular types of Internet content and the most popular Internet services in general and across specific categories, as well as the impact of bots. Of course, none of this matters if connectivity is unavailable, so we also drill down into major Internet disruptions observed in 2022.

Traffic trends

After an initial dip, worldwide Internet traffic saw nominal growth coinciding with the 2022 Olympic Winter Games in Beijing, but slipped again in the weeks after their conclusion. After a couple of months of slight growth, traffic again dipped below baseline heading into July. However, after reaching that nadir, Internet traffic experienced a fairly consistent rate of growth through the back part of the year. An upwards inflection at the end of November is visible in the worldwide traffic graph as well as the traffic graphs of a number of locations. Traffic analysis showed that this increase resulted from the convergence of early holiday shopping traffic (to e-commerce sites) with the run-up to and early days of FIFA World Cup Qatar 2022.

The An Update on Cloudflare’s assistance to Ukraine blog post published during Impact Week looked at the conflict from an attack perspective. Viewing Ukraine through an Internet traffic lens provides unique insights into the impacts of the war’s damage and destruction to Internet connectivity within the country. After starting the year with some nominal traffic growth, that trend was quickly reversed once the Russian invasion began on February 24, with traffic quickly falling as infrastructure was damaged and the populace focused on finding safety and shelter. Although traffic started to grow again after that initial steep decline, drops in May and June appear to be correlated with significant outages observed by Cloudflare. After returning to growth during August, several additional disruptions were visible in September, October, and November coincident with widespread power outages across the country resulting from Russian attacks.

Reliable electric power is critical for reliable Internet connectivity, both for the core network infrastructure in data centers, as well as for last-mile infrastructure like cell towers and Wi-Fi routers, as well as laptops, cellphones, and other devices used to access the Internet. For several years, the residents of Puerto Rico have struggled to contend with an unreliable electric grid, resulting in frequent power outages and slow restoration times. In 2022, the island suffered two multi-day power outages that clearly impacted otherwise strong traffic growth. In April, a fire at a power plant caused an outage that lasted three days, disrupting Internet connectivity during that period. In September, widespread power outages resulting from damage from Hurricane Fiona resulted in a rapid drop in Internet traffic with the disruption lasting over a week until power restoration work and infrastructure repair was completed.

Top categories

Cloudflare’s global customer base spans a range of industry categories, including technology, e-commerce, and entertainment, among others. Analysis of the traffic to our customers’ websites and applications reveals which categories of content were most popular throughout the year, and can be broken out by user location. The domains associated with each customer zone have one or more associated categories — these can be viewed on Cloudflare Radar. To calculate the distribution of traffic across the set of categories for each location, we divided the number of requests for domains associated with a given category seen over the course of a week by the total number of requests mapped to a category seen over that week, filtering out bot traffic. If a domain is associated with multiple categories, then the associated request was included in the aggregate count for each category. The chart shows how the distribution of requests across the selected categories changes over the course of the year.

Globally, sites in the Technology category were the most popular, accounting for approximately one-third of traffic throughout the year. The next most popular category was Business & Economy, which drove approximately 15% of traffic. Shopping & Auctions also saw a bump in traffic in November, as consumers began their holiday shopping.

In sharp contrast to other Asian countries, in South Korea, Internet Communication was consistently the second most popular category during the year. Elsewhere, Internet Communication was occasionally among the top five, but usually within the top 10. Internet Communication was followed closely by Entertainment and Business & Economy. The former saw multiple periods of increased traffic through the year, in contrast to other categories, which saw traffic share remain fairly consistent over time.

Traffic distribution in Turkey represented a rare departure from most other locations around the world. Although Technology started the year as the most popular category, its popularity waned during the back half of the year, ending below Shopping & Auctions and Society & Lifestyle. These latter two saw gradual growth starting in September, and posted larger increases in November. Business & Economy and Entertainment sites were comparatively less popular here, in contrast to many other locations.

Armenia’s traffic distribution also ran counter to that seen in most other locations. Entertainment was the most popular category for nearly the entire year, except for the final week of November. Technology was generally the second most popular category, although it was surpassed by Gambling several times throughout the year. However, Gambling saw its popularity fall significantly in November, as it was surpassed by the Shopping & Auctions and Business & Economy categories.

Most popular Internet services

The luxury of being a popular Internet service is that the service’s brand becomes very recognizable, so it will be no surprise that Google was #1 in our General ranking.

Top 10 — General, late 2022 ranking
1. Google
2. Facebook
3. Apple, TikTok (tie)
5. YouTube
6. Microsoft
7. Amazon Web Services
8. Instagram
9. Amazon
10. iCloud, Netflix, Twitter, Yahoo (tie)

Last year TikTok was at the top of our ranking. However, the results between the two years aren’t comparable. As part of our launch of Radar 2.0, we introduced improvements to our domain ranking algorithms, and this year’s rankings are based on those new algorithms. In addition, this year we have grouped domains that all belong to a single Internet service. For example, Google operates google.com, google.pt, and mail.google.com among others, so we aggregated the popularity of each domain under a single “Google” Internet service for simplicity. However, while Meta operates both Facebook and Instagram, consumers typically perceive those brands as distinct, so we decided to group domains associated with those services separately.

Zooming out from our General top 10, the anonymized DNS query data from our 1.1.1.1 public DNS resolver reflects traffic from millions of users around the world, enabling us to offer category specific rankings as well. While you can view them all in the “Most popular Internet services” section of our Year in Review website, we’ve decided to highlight a few of our favorite observations below.

Cryptocurrencies always seem to have as much promise as they have controversy. We couldn’t help but be curious about which cryptocurrency services were the most popular. But before jumping into the Top 10, let’s double-click on one that fell out of the running: FTX. Known as the third largest cryptocurrency exchange in the world, our popularity ranking shows it hovered around 9th place for most of the year. That is, until it filed for bankruptcy in November. At that point, there is a precipitous drop, which also appears to coincide with reports that FTX disabled its users’ ability to make cryptocurrency withdrawals. Moving back to the Top 10, the two other major cryptocurrency exchanges, Binance and Coinbase, ranked #1 and #3 respectively and don’t appear to have been adversely impacted by FTX in our rankings.

The universe has been the hottest place to be since the beginning of time, but some suggest that we’ll all soon be in the metaverse. If that’s true, then the question becomes “Whose metaverse?”. Last year, Facebook changed its name to Meta as it poured billions of dollars into the space, so we were curious about the impact of their efforts on the metaverse landscape one year later. With Meta’s Oculus offering their initial foray into the metaverse, our data indicates that while its popularity saw tangible improvements, rising from 10th to 5th in the back half of the year, Roblox is clearly the champion of the metaverse arena. It is fascinating to see this smaller challenger dominating Oculus, which is operated by Meta, a company ~18x larger in market capitalization. We are excited to check back at the end of 2023 to see whether Oculus’ ascent of the rankings topples Roblox, or if the smaller player retains the crown.

Facebook’s transition to Meta, however, does not appear to have impacted its popularity as a social media platform. Within our ranking of the top social media platforms, Facebook held the top position throughout the year. TikTok and Snapchat also held steady in their places among the top five. Instagram and Twitter traded places several times mid-year, but the photo and video sharing app ultimately knocked Twitter from 3rd place in August. More active volatility was seen in the bottom half of the top 10, as LinkedIn, Discord, and Reddit frequently shifted between sixth, seventh, and eighth position in the rankings.

While those are the most popular sites today, over the last 20+ years, the landscape of social media platforms has been quite dynamic, with new players regularly emerging. Some gained a foothold and became successful, while others became a footnote of Internet history. Although it has actually been around since 2016, Mastodon emerged as the latest potential disruptor in the space. In a landscape where the top social media platforms operate closed-source, centralized platforms, Mastodon offers free, open source software to allow anyone to start their own social networking platform, built around a decentralized architecture, and easily federated with others.

Aggregating the domain names used by 400 top Mastodon instances, this cohort started the year hovering around the #200 rank of most popular services overall. Its position in the overall rankings steadily improved throughout the year, hitting an inflection point in November, moving up about 60 positions. This trend appears to be driven by a spike in interest and usage of Mastodon, which we elaborate on in the Adoption section below.

Bot traffic

Bot traffic describes any non-human traffic to a website or an app. Some bots are useful, such as those that monitor site and application availability or search engine bots that index content for search, and Cloudflare maintains a list of verified bots known to perform such services. However, visibility into other non-verified bot activity is just as, if not more, important as they may be used to perform malicious activities, such as breaking into user accounts or scanning the web for exposed vulnerabilities to exploit. To calculate bot traffic percentages, we used the bot score assigned to each request to identify those made by bots, and then divided the total number of daily requests from these bots by the total number of daily requests. These calculations were done both globally and on a per-location basis. The line shown in the trends graph represents a seven-day trailing average. For the top 10 chart, we calculated the average bot percentage on a monthly basis per location, and then ranked the locations by percentage. The chart illustrates the ranking by month, and how those rankings change across the year.

Globally, bots generally accounted for between 30-35% of traffic over the course of the year. Starting January at around 35%, the percentage of bot traffic dropped by nearly a quarter through the end of February, but then reclaimed some of that loss, staying just above 30% through October. A slight downward trend is evident at the start of November, due to human traffic increasing while bot traffic remained fairly consistent. Despite a couple of nominal spikes/drops, the global trend exhibited fairly low volatility overall throughout the year.

While around one-third of global traffic was from bots, two locations stood out with bot traffic percentages double the global level. Except for two brief mid-year spikes, just under 70% of traffic from Ireland was classified as bot-driven. Similarly, in Singapore, bot traffic consistently ranged between 60-70% across the year. Bots account for the majority share of traffic from these locations due to the presence of local “regions” from multiple cloud platform providers in each. Because doing so is easily automated and free/inexpensive, attackers will frequently spin up ephemeral instances in these clouds in order to launch high volume attacks, such as we saw with the “Mantis” attack in June. (Internal traffic analysis indicates that a significant portion of traffic for these two geographies is from cloud provider networks and that the vast majority of traffic we see from these networks is classified as bot traffic.)

The top 10 list of locations with the highest percentage of bot traffic saw a fair amount of movement throughout the year, with four different locations holding the top slot at some point during the year, although Turkmenistan spent the most time at the top of the list. Overall, 17 locations held a spot among the top 10 at some point during 2022, with greater concentrations in Europe and Asia.

Internet outages

Although the metrics included in the 2022 Year In Review were ultimately driven by Internet traffic to Cloudflare from networks and locations around the world, there are, unfortunately, times when traffic is disrupted. These disruptions can have a number of potential causes, including natural disasters and extreme weather, fiber optic cable cuts, or power outages. However, they can also happen when authoritarian governments order Internet connectivity to be shutdown at a network, regional, or national level.

We saw examples of all of these types of Internet disruptions, and more, during 2022, and aggregated coverage of them in quarterly overview blog posts. With the launch of Radar 2.0 in September, we also began to catalog them on the Cloudflare Radar Outage Center. These disruptions are most often visible as drops in Cloudflare traffic from a given network, region, or country. The 2022 Year In Review website illustrates where these disruptions occurred throughout the year. Some notable outages observed during 2022 are highlighted below.

One of the most significant Internet disruptions of the year took place on AS812 (Rogers), one of Canada’s largest Internet service providers. During the morning of July 8, a near complete loss of traffic was observed, and it took nearly 24 hours for traffic volumes to return to normal levels. A Cloudflare blog post covered the Rogers outage in real-time as the provider attempted to restore connectivity. Data from APNIC estimates that as many as five million users were directly affected, while press coverage noted that the outage also impacted phone systems, retail point of sale systems, automatic teller machines, and online banking services. According to a notice posted by the Rogers CEO, the outage was attributed to “a network system failure following a maintenance update in our core network, which caused some of our routers to malfunction”.

In late September, protests and demonstrations erupted across Iran in response to the death of Mahsa Amini. Amini was a 22-year-old woman from the Kurdistan Province of Iran, and was arrested on September 13 in Tehran by Iran’s “morality police”, a unit that enforces strict dress codes for women. She died on September 16 while in police custody. Iran’s government is no stranger to using Internet shutdowns as a means of limiting communication with the outside world, and in response to these protests and demonstrations, Internet connectivity across the country experienced multiple waves of disruptions.

Three of the major mobile network providers — AS44244 (Irancell), AS57218 (RighTel), and AS197207 (MCCI) — started implementing daily Internet “curfews” on September 21, generally taking place between 1600 and midnight local time (1230-2030 UTC), although the start times varied on several days. These regular shutdowns lasted into early October, with several more ad-hoc disruptions taking place through the middle of the month, as well as other more localized shutdowns of Internet connectivity. Over 75 million users were impacted by these shutdowns, based on subscriber figures for MCCI alone.

Cable cuts are also a frequent cause of Internet outages, with an old joke among network engineers that suggested that backhoes were the Internet’s natural enemy. While backhoes may be a threat to terrestrial fiber-optic cable, natural disasters can wreak havoc on submarine cables.

A prime example took Tonga offline earlier this year, when the Hunga Tonga–Hunga Ha’apai volcanic eruption damaged the submarine cable connecting Tonga to Fiji, resulting in a 38-day Internet outage. After the January 14 eruption, only minimal Internet traffic (via limited satellite services) was seen from Tonga. On February 22, Digicel announced that the main island was back online after initial submarine cable repairs were completed, but it was estimated that repairs to the domestic cable, connecting outlying islands, could take an additional six to nine months. We saw rapid growth in traffic from Tonga once the initial cable repairs were completed.

The war in Ukraine is now ten months old, and throughout the time it has been going on, multiple networks across the country have experienced outages. In March, we observed outages in Mariupol and other cities where fighting was taking place. In late May, an extended Internet disruption began in Kherson, coincident with AS47598 (Khersontelecom) starting to route traffic through Russian network provider AS201776 (MIranda), rather than a Ukrainian upstream. And in October, widespread power outages disrupted Internet connectivity in Kharkiv, Lviv, Kyiv, Poltova Oblast, and Zhytomyr. These outages and others were covered in more detail in the quarterly Internet disruption overview blog posts, as well as several other Ukraine-specific blog posts.

Adoption

Working with millions of websites and applications accessed by billions of people as well as providing an industry-leading DNS resolver service gives Cloudflare a unique perspective on the adoption of key technologies and platforms. SpaceX Starlink was frequently in the news this year, and we observed a 15x increase in traffic from the satellite Internet service provider. Social networking platform Mastodon was also in the news this year, and saw significant growth in interest as well.

IPv6 remains increasingly important as connected device growth over the last decade has exhausted available IPv4 address space, but global adoption remained around 35% across the year. And as the Internet-connected population continues to grow, many of those people are using mobile devices as their primary means of access. To that end, we also explore mobile device usage trends across the year.

Starlink adoption

Internet connectivity through satellites in geostationary orbit (GEO) has been around for a number of years, but services have historically been hampered by high latency and slower speeds. However, the launch of SpaceX Starlink’s Low Earth Orbit (LEO) satellite Internet service in 2019 and subsequent expansion of the satellite constellation has made high performance Internet connections available in many locations that were previously unserved or underserved by traditional wired or wireless broadband. To track the growth in usage and availability of Starlink’s service, we analyzed aggregate Cloudflare traffic volumes associated with the service’s autonomous system (AS14593) throughout 2022. Although Starlink is not yet available globally, we did see traffic growth across a number of locations. The request volume shown on the trend line in the chart represents a seven-day trailing average.

Damage from the war in Ukraine has disrupted traditional wired and wireless Internet connectivity since the invasion started in late February. Starlink made headlines that month after the company activated service within the country, and the necessary satellite Internet terminals became more widely available. Within days, Cloudflare began to see Starlink traffic, with volume growing consistently throughout the year.

Latent interest in the service was also apparent in a number of locations where traffic grew quickly after Starlink announced availability. One such example is Romania, which was included in Starlink’s May announcement of an expanded service footprint, and which saw rapid traffic growth after the announcement.

And in the United States, where Starlink has provided service since launch, traffic grew more than 10x through the end of November. Service enhancements announced during the year, like the ability to get Internet connectivity from moving vehicles, boats, and planes will likely drive additional traffic growth in the future.

Mastodon interest

Above, we showed that Mastodon hit an inflection point in its popularity during the last few months of 2022. To better understand how interest in Mastodon evolved during 2022, we analyzed aggregate 1.1.1.1 request volume data for the domain names associated with 400 top Mastodon instances, looking at aggregate request volume by location. The request volume shown on the trend line in the chart represents a seven-day trailing average.

Although interest in Mastodon clearly accelerated over the last few months of the year, this interest was unevenly distributed throughout the world as we saw little to no traffic across many locations. Graphs for those locations are not included within the Year In Review website. However, because Mastodon has been around since 2016, it built a base of early adopters over the last six years before being thrust into the spotlight in 2022.

Those early adopters are visible at a global level, as we see a steady volume of resolver traffic for the analyzed Mastodon instance domain names through the first nine months of the year, with the timing of the increase visible in late April aligning with the announcement that Elon Musk had reached a deal to acquire Twitter for $44 billion. The slope of the graph clearly shifted in October as it became increasingly clear that the acquisition would close shortly, with additional growth into November after the deal was completed. This growth is likely due to a combination of existing but dormant Mastodon accounts once again becoming active, and an influx of new users.

The traffic pattern observed for the United States appears fairly similar to the global pattern, with traffic from an existing set of users seeing massive growth starting in late October as well.

Although the core Mastodon software was developed by a programmer living in Germany, and the associated organization is incorporated as a German not-for-profit, it didn’t appear to have any significant home field advantage. Query volume for Germany was relatively low throughout most of the year, and only started to rapidly increase at the end of October, similar to behavior observed in a number of other countries.

IPv6 adoption

Although IPv6 has been around for nearly a quarter-century, adoption has been relatively slow over that time. However, with the exhaustion of available IPv4 address space and the growth in connected and mobile devices, IPv6 plays a critical role in the future of the Internet. Cloudflare has enabled customers to deliver content over IPv6 since our first birthday, back in 2011, and we have evolved support in several ways since that time. Analysis of traffic to the Cloudflare network provides us with insights into IPv6 adoption across the Internet.

On a global basis, IPv6 adoption hovered around the 35% mark throughout the year, with nominal growth evident in the trend line shown in the graph. While it is encouraging to see one of every three requests for dual stacked content being made over IPv6, this adoption rate demonstrates a clear opportunity for improvement.

To calculate IPv6 adoption for each location, we identified the set of customer zones that had IPv6 enabled (were “dual stacked”) during 2022, and then divided the daily request count for the zones over IPv6 by the daily sum of IPv4 and IPv6 requests for the zones, filtering out bot traffic in both cases. The line shown in the trends graph represents a seven-day trailing average. For the top 10 chart, we calculated the average IPv6 adoption level on a monthly basis per location, and then ranked the locations by percentage. The chart illustrates the ranking by month, and how those rankings change across the year.

One location that has seized that opportunity is India, which recorded the highest IPv6 adoption rate throughout the year. After seeing more than 70% adoption through July, it began to drop slightly in late summer, losing a couple of percentage points over the subsequent months.

One key driver behind India’s leadership in this area is IPv6 support from Jio, India’s largest mobile network operator, as well as being a provider of fiber-to-the-home broadband connectivity. They aggressively started their IPv6 journey in late 2015, and now much of Jio’s core network infrastructure is IPv6-only, while customer-facing mobile and fiber connections are dual-stacked.

Also heading in the right direction are the more than 60 locations around the world that saw IP adoption rates more than double this year. One of the largest increases was seen in the European country of Georgia, which grew more than 3,500% to close out the year at 10% adoption thanks to rapid growth across February and March at Magticom, a leading Georgian telecommunications provider.

Many of the other locations in this set also experienced large gains over a short period of time, likely due to a local network provider enabling subscriber support for IPv6. While significant gains seen in over a quarter of the total surveyed locations is certainly a positive sign, it must be noted that over 50 are under 10% adoption, with more than half of those remaining well under 1%, even after seeing adoption more than double. Internet service providers around the world continue to add or improve IPv6 support for their subscribers, but many have low to non-existent adoption rates, presenting significant opportunity to improve in the future.

As noted above, India had the highest level of IPv6 adoption through 2022. In looking at the remainder of the top 10 list, Saudi Arabia and Malaysia traded places several times during the year as the locations with the second and third-highest adoption rates, at just under 60% and around 55% respectively. The United States appeared towards the bottom of the top 10 list during the first quarter, but ranked lower for the remainder of the year. Belgium proved to be the most consistent, holding the fourth-place spot from March through November, with around 55% IPv6 adoption. Overall, a total of 14 locations appeared among the top 10 at some point during the year.

Mobile device usage

Each year, mobile devices become more and more powerful, and are increasingly being used as the primary onramp to the Internet in many places. In fact, in some parts of the world, so-called “desktop” devices (which includes laptop form factors) are the exception for Internet access, not the rule.

Analysis of the information included with each content request enables us to classify the type of device (mobile or desktop) used to make the request. To calculate the percentage of mobile device usage by location, we divided the number of requests made by mobile devices over the course of a week by the total number of requests seen that week, filtering out bot traffic in both cases. For the top 10 chart, we ranked the locations by the calculated percentage. The chart illustrates the ranking by month, and how those rankings change across the year.

In looking at the top 10 chart, we note that Iran and Sudan held the top two slots for much of the year, bookended by Yemen in January and Mauritania in November. Below the top two spots, however, significant volatility is clear throughout the year within the rest of the top 10. However, this movement was actually concentrated across a relatively small percentage range, with just five to ten percentage points separating the top and bottom ranked locations, depending on the week. The top ranked locations generally saw 80-85% of traffic from mobile devices, while the bottom ranked locations saw 75-80% of traffic from mobile devices.

This analysis reinforces the importance of mobile connectivity in Iran, and underscores why mobile network providers were targeted for Internet shutdowns in September and October, as discussed above. (And the shutdowns subsequently explain why Iran disappears from the top 10 list after September.)

Security

Improving Internet security is a key part of Cloudflare’s drive to help build a better Internet. One way we do that is by protecting customer websites, applications, and network infrastructure from malicious traffic and attacks. Because malicious actors regularly use a variety of techniques and approaches in launching their attacks, we have a number of products within our security solution portfolio that provide customers with flexibility around how they handle these attacks. Below, we explore insights derived from the attack mitigation we do on behalf of customers, including how we are mitigating attacks, what kinds of websites and applications attacks are targeting, and where these attacks appear to be coming from. In addition, with the acquisition of Area 1 earlier in 2022, we are presenting insight into where malicious email originates from. Analysis of this data highlights that there is very much no “one size fits all” security solution, as attackers use a wide variety of techniques, frequently shifting between them. As such, having a broad but flexible portfolio of security solutions at the ready is critical for CISOs and CIOs.

Mitigation sources

Depending on the approach taken by an attacker, and the type of content being targeted, one attack mitigation technique may be preferable over another. Cloudflare refers to these techniques as “mitigation sources”, and they include popular tools and techniques like Web Application Firewall (WAF) and DDoS Mitigation (DDoS), but also lesser known ones like IP Reputation (IPR), Access Rules (AR), Bot Management (BM), and API Shield (APIS). Examining the distribution of mitigation sources applied by location can help us better understand the types of attacks originating from those locations. To calculate the percentage of mitigated traffic associated with each mitigation source by location, we divided the total number of daily mitigated requests for each source by the total number of mitigated requests seen that day. Bot traffic is included in these calculations, given that many attacks originate from bots. A single request can be mitigated by multiple techniques, and here we consider the last technique that mitigated the request.

Across many locations, IP Reputation, Bot Management, and Access Rules accounted for small amounts of mitigated traffic throughout the year, with the volumes varying by country. However, in other locations, IP Reputation and Access Rules were responsible for larger amounts of mitigated traffic, possibly indicating those places had more of their traffic being blocked outright. A number of countries saw a rapid and significant increase in DDoS mitigated traffic during January to the 80-90% range, followed by a rapid drop to the 10-20% range. In that vein, DDoS Mitigation and WAF percentage shifts were frequently very spiky, with only occasional sustained periods of relatively consistent percentages.

Overall, DDoS Mitigation and WAF were the two most frequently used techniques to address attacks. The former’s share on a global basis was highest in mid-January, growing to nearly 80%, while the latter’s peak was during February, when it accounted for almost 60% of mitigated traffic. A spike in the usage of Access Rules is clearly visible in August, related to similar spikes observed for the United States, United Arab Emirates, and Malaysia.

Although Access Rules accounted for as much as 20% of mitigated traffic from the United States in August, it saw much lower usage throughout the balance of the year. DDoS Mitigation was the primary technique used to mitigate attack traffic coming from the United States, responsible for over 80% of such traffic during the first quarter, though it steadily declined through August. In a complimentary fashion, WAF drove only ~20% of mitigated traffic early in the year, but that volume steadily grew and had tripled through August. Interestingly, the growth in Access Rules usage followed rapid growth and then similarly rapid decline in WAF, possibly suggesting that more targeted rules were implemented to augment the managed rules applied by the Web Application Firewall against US-originated attacks.

Access Rules and IP Reputation were applied more frequently to mitigate attack traffic coming from Germany, with Bot Management also seeing increased usage in February, March, and June. However, except for periods in February and July, DDoS Mitigation drove the bulk of mitigated traffic, generally ranging between 60-80%. WAF mitigation was clearly most significant during February, with 70-80% of mitigated traffic, and July, at around 60%.

In mitigating attacks coming from Japan, it is interesting to see a couple of notable spikes in Bot Management. In March, it was briefly responsible for upwards of 40% of mitigated traffic, with another spike that was half as big in June. Access Rules also maintained a consistent presence in the graph, with around 5% of mitigated traffic through August, but slightly less in the following months. In dealing with Japanese attack traffic, WAF & DDoS Mitigation frequently traded positions as the largest source of mitigated traffic, although there was no clear pattern or apparent cycle. Both reached as much as 90% of mitigated traffic at times throughout the year – WAF in February and DDoS Mitigation in March. DDoS Mitigation’s periods of “dominance” tended to be more sustained, lasting for several weeks, but were punctuated by brief WAF spikes.

WAF rules

As noted above, Cloudflare’s WAF is frequently used to mitigate application layer attacks. There are hundreds of individually managed rules that can be applied by the WAF depending on the characteristics of the mitigated request, but these rules can be grouped into over a dozen types. Examining the distribution of WAF rules by location can help us better understand the techniques that attacks coming from that location are using. (For example, are attackers trying to inject SQL code into a form field, or exploit a published CVE?) To calculate the distribution of WAF mitigated traffic across the set of rule types for each location, we divided the number of requests mitigated by a particular type of WAF rule seen over the course of a week by the total number of WAF mitigated requests seen over that week. A single request can be mitigated by multiple rules and here we consider the last rule in a sequence that mitigated the request. The chart shows how the distribution of mitigated requests across the selected rule types changes over the course of the year. Bot traffic is included in these calculations.

At a worldwide level, during the first few months of the year, approximately half of HTTP requests blocked by our Managed WAF Rules contained HTTP anomalies, such as malformed method names, null byte characters in headers, non-standard ports, or content length of zero with a POST request. During that period, Directory Traversal and SQL Injection (SQLi) rules both accounted for just over 10% of mitigated requests as well. Attackers began to further vary their approach starting in May, as Cross Site Scripting (XSS) and File Inclusion both grew to over 10% of mitigations, while HTTP anomalies dropped to below 30%. Use of Software Specific rules grew above 10% in July, as attackers apparently ramped their efforts to exploit vendor-specific vulnerabilities. Broken Authentication and Command Injection rulesets also saw some growth in activity during the last several months, suggesting that attackers increased their efforts to find vulnerabilities in login/authentication systems or to execute commands on vulnerable systems in an attempt to gain access.

Although HTTP Anomaly was the most frequently applied rule when mitigations are aggregated at a global level, there were a number of locations where it held the top spot only briefly, if at all, as discussed below.

Attacks originating in Australia were WAF-mitigated using a number of rulesets, with the most applied ruleset changing frequently during the first half of the year. In contrast to the global overview, HTTP Anomaly was the top ruleset for only a single week in February, when it accounted for just over 30% of mitigations. Otherwise, attacks were most frequently mitigated with Software Specific, Directory Traversal, File Inclusion, and SQLi rules, generally accounting for 25-35% of mitigations. This pattern shifted starting in July, though, as Directory Traversal attacks became the most common, staying that way through the balance of the year. After peaking in June, SQLi attacks became significantly less common, rapidly falling and staying below 10% of mitigations.

WAF mitigations of attacks originating in Canada also demonstrated a pattern that differed from the global one. Although the HTTP Anomaly ruleset started the year accounting for approximately two thirds of mitigated requests, it was half that by the end of January, and saw significant volatility throughout the balance of the year. SQLi mitigations of Australian traffic effectively saw an opposite pattern, starting the year below 10% of mitigations but growing rapidly, accounting for 60% or more of mitigated traffic at multiple times throughout the year. Interestingly, SQLi attacks from Canada appeared to come in multi-week waves, becoming the most applied ruleset during those waves, and then receding for a brief period.

For attacks originating in Switzerland, the HTTP Anomaly ruleset was never the most frequently invoked, although it remained among the top five throughout the year. Instead, Directory Traversal and XSS rules were most frequently used, accounting for as much as 40% of mitigations. Directory Traversal most consistently held the top spot, though XSS attacks were the most prevalent during August. SQLi attacks saw peaks in April, July/August, and then again at the end of November. The Software Specific ruleset also breakout growth in September to as much as 20% of mitigated requests.

Target categories

Above, we discussed how traffic distribution across a set of categories provides insights into the types of content that users are most interested in. By performing similar analysis through a mitigation lens, we can gain insights into the types of websites and applications that are being most frequently targeted by attackers. To calculate the distribution of mitigated traffic across the set of categories for each location, we divided the number of mitigated requests for domains associated with a given category seen over the course of a week by the total number of requests mapped to that category during that week. The chart shows how the distribution of mitigated requests across each category changes over the course of the year. (As such, percentages will not sum to 100%). Bot traffic is included in these calculations. The percentage of traffic that was mitigated as an attack varied widely across industries and originating locations. In some places, a nominal percentage of traffic across all categories was mitigated, while in others, multiple categories experienced spikes in mitigated traffic at multiple times during 2022.

When aggregated at a global level, there was significant variance over the course of the year in the industry categories that attracted the most attacks as a fraction of their overall traffic. Through January and February, Technology sites had the largest percentage of mitigated requests, ranging between 20-30%. After that, a variety of categories moved in and out of the top slot, with none holding it for more than a few weeks. The biggest spike in attacks was targeted at Travel sites in mid-April, when more than half of the category’s traffic was mitigated. Coincident with the start of the 2022 World Cup in the last week of November, Gambling and Entertainment sites saw the largest percentages of mitigated traffic.

For attacks coming from the United Kingdom, Technology sites consistently saw around 20% of mitigated traffic through the year. During those times that it was not the most mitigated category, half a dozen other categories topped the list. Travel sites experienced two significant bursts of attacks, with nearly 60% of traffic mitigated in April, and nearly 50% in October. Other categories, including Government & Politics, Real Estate, Religion, and Education had the largest shares of mitigated traffic at various times throughout the year. UK-originated attacks on Entertainment sites jumped significantly in late November, with 40% of traffic mitigated at the end of the month.

Similar to the trends seen at the global level, Technology sites accounted for the largest percentage of mitigated attacks from the United States in January and February, clocking in between 30-40%. After that, attackers shifted their focus to target other industry categories. In mid-April, Travel sites had over 60% of requests mitigated as attacks. However, starting in May, Gambling sites most frequently had the highest percentage of traffic being mitigated, generally ranging between 20-40%, but spiking up to 70% in late October/early November.

In contrast, significantly smaller percentages of traffic across the surveyed categories from Japan was mitigated as attacks throughout 2022. Most categories saw mitigation shares of less than 10%, although there were a number of brief spikes observed at times. In late March, traffic to sites in the Government & Politics category briefly jumped to a nearly 80% mitigation share, while Travel sites spiked to nearly 70% of requests mitigated as attacks, similar to the behavior seen in other locations. In late June, Religion sites had a mitigation share of over 60%, and a couple of months later, Gambling sites experienced a rapid increase in mitigated traffic, reaching just over 40%. These attacks targeting Gambling sites then receded for a few months before starting to aggressively increase again in October.

Phishing email sources

Phishing emails are ultimately intended to trick users into providing attackers with login credentials for important websites and applications. At a consumer level, this could include an e-commerce site or banking application, while for businesses, this could include code repositories or employee information systems. For customers protected by Cloudflare Area 1 Email Security, we can identify the location that these phishing emails are being sent from. IP address geolocation is used to identify origination location, and the aggregate email counts apply to emails processed by Area 1 only. For the top 10 chart, we aggregated the number of phishing emails seen on a weekly basis per location, and then ranked the locations by phishing email volume. The chart illustrates the ranking by week, and how those rankings change across the year.

Reviewing the top 10 list, we find that the United States was the top source of phishing emails observed by Area 1 during 2022. It held the top spot for nearly the entire year, ceding it only once to Germany in November. The balance of the top 10 saw a significant amount of volatility over time, with a total of 23 locations holding a spot in the rankings for at least one month during the year. These locations were well-distributed geographically across the Americas, Europe, and Asia, highlighting that no one region of the world is a greater threat than others. Obviously, distrusting or rejecting all email originating from these locations is not a particularly practical response, but applying additional scrutiny can help keep your organization, and the Internet, safer.

Conclusion

Attempting to concisely summarize our “year in review” observations is challenging, especially as we only looked at trends in this blog post across a small fraction of the nearly 200 locations included in the website’s visualizations. Having said that, we will leave you with the following brief thoughts:

• Attack traffic comes from everywhere, with constantly shifting targets, using widely varied techniques. Ensure that your security solutions provider offers a comprehensive portfolio of services to help keep your sites, applications, and infrastructure safe.
• Internet service providers around the world need to improve support for IPv6 — it is no longer a “new” technology, and available IPv4 address space will become both increasingly scarce and increasingly expensive. Support for IPv6 needs to become the default going forward.
• Internet shutdowns are being increasingly used by governments to limit communications within a country, as well as limiting communications with the rest of the world. As the United Nations stated in a May 2022 report, “Blanket shutdowns in particular inherently impose unacceptable consequences for human rights and should never be imposed.”

As we said in the introduction, we encourage you to visit the full Cloudflare Radar 2022 Year In Review website and explore the trends relevant to locations and industries of interest, and to consider how they impact your organization so that you are appropriately prepared for 2023.

If you have any questions, you can contact the Cloudflare Radar team at [email protected] or on Twitter at @CloudflareRadar.

Acknowledgements

It truly took a village to produce the Cloudflare Radar 2022 Year In Review, and we would be remiss if we didn’t acknowledge the contributions of colleagues that were instrumental in making this project possible. Thank you to: Sabina Zejnilovic, Carlos Azevedo, Jorge Pacheco (Data Science); Ricardo Baeta, Syeef Karim (Design); Nuno Pereira, Tiago Dias, Junior Dias de Oliveira (Front End Development); João Tomé (Most popular Internet services); and Davide Marques, Paula Tavares, Celso Martinho (Project/Engineering Management).

Post Syndicated from João Tomé original https://blog.cloudflare.com/cloudflare-radar-2021-year-in-review/

In 2021, we continued to live with the effects of the COVID pandemic and Internet traffic was also impacted by it. Although learning and exercising may have started to get back to something close to normal (depending on the country), the effects of what started almost two years ago on the way people work and communicate seems to be here to stay, and the lockdowns or restrictions continue to have an impact on where and how people go online.

So, Cloudflare Radar’s 2021 Year In Review is out with interactive maps and charts you can use to explore what changed on the Internet throughout this past year. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends.

This year we’ve added a mobile vs desktop traffic chart, but also the attack distribution that shows the evolution throughout the year — the beginning of July 2021, more than a month after the famous Colonial Pipeline cyberattack, was the time of the year when attacks worldwide peaked.

There are also interesting pandemic-related trends like the (lack) of Internet activity in Tokyo with the Summer Olympics in town and how Thanksgiving week in the US in late November affected mobile traffic in the United States.

You can also check our Popular Domains — 2021 Year in Review where TikTok, e-commerce and space companies had a big year.

Internet: growing steadily (with lockdown bumps)

In 2020 by late April we saw that the Internet had seen incredible, sudden growth in traffic because of lockdowns and that was sustained throughout the year as we showed in our 2020 Year In Review. 2021 told a slightly different story, depending on the country.

The big April-March and May Internet traffic peak from 2020 related to the pandemic wasn’t there, in the same way, this year — it was more distributed depending on the local restrictions. In 2021, Internet traffic, globally, continued to grow throughout the year, and it was at the end of the year that was higher (a normal trend, given there’s a growth in categories like online shopping and the colder season in the Northern Hemisphere, where most Internet traffic occurs, affects human behaviour).

The day of the year with the highest growth in traffic worldwide, from our standpoint, was December 2, 2021, with 20% more than the first week of the year — the Y-axis shows the percentage change in Internet traffic using a cohort of top domains from each country. But in May there was also a bump (highlighted in red as a possible pandemic-related occurrence), although not as high as we saw in the March-May period of last year.

Spikes in Internet traffic — Worldwide 2021

#1 November-December¹ (+23%)
#2 September (+20%)
#3 October (+19%)
#4 August (+16%)
#5 May (+13%)
¹Beginning of December

When we focus on specific countries using our Year In Review 2021 page you can see that new restrictions or lockdowns affected (again) Internet traffic and, in some countries, that is more evident than others.

In the following table, we show the months with the highest traffic growth (the percentage shown focus on the spikes). From our standpoint the last four months of the year usually have the highest growth in traffic after September, but Canada, the UK, Germany, France, Portugal, South Korea and Brazil seemed to show (in red) an impact of restrictions in their Internet traffic — with higher increases in the first five months of the year.

Months with the largest traffic growth — 2021

When we look at those countries’ trends we can see that Canada had lockdowns at the beginning of February that went through March and May, depending on the area of the country. That is in line with what we’ve seen in 2020: when restrictions/lockdowns are up, people tend to use the Internet more to communicate, work, exercise and learn.

Most of Europe also started 2021 with lockdowns and restrictions that included schools — so online learning was back on. That’s clear in the UK. From January to March showed a high increase in traffic percentage that went down when restrictions were relaxed.

The same happens in Portugal, where new measures on January 21, 2021, put the three first months of the year in the top 3 of the year in terms of growth of traffic, and April was #5.

We can also check the example of France. Lockdowns were imposed again especially during April and May 2021, and we can see the growth in Internet traffic during those months, slightly more timid than the first lockdown of 2020, but nonetheless evident in the 2021 chart.

Germany had the same situation in May (in April work from home was again the rule and the relaxation of measures for vaccinated people only began in mid-May), but in February the lockdown that started at the end of 2020 (and included schools) was also having an impact on Internet traffic.

In South Korea there was also an impact of the beginning of the year lockdown seen in spikes through February, April and May 2021.

Internet traffic growth in the United States had a very different year in 2021 than it had the year before, when the first lockdown had a major effect on Internet growth, but still, May was a month of high growth — it was in mid-May that there were new guidelines from the CDC about masks.

Mobile traffic: The Thanksgiving effect

Another trend worldwide from 2021 is the mobile traffic percentage evolution. Worldwide, from our standpoint, the more mobile-friendly months of the year — where mobile devices were more prevalent to go online — were July and August (typical vacations months in most of the Northern Hemisphere), but January and November were also very strong.

On our Year in Review page, you can also see the new mobile vs desktop traffic chart. The evolution of the importance of mobile traffic is different depending on the country.

For example, the United States has more desktop traffic throughout the year, but in 2021, during the Thanksgiving (November 25) week, mobile traffic took the lead for the first and only time in the whole year. We can also see that in July mobile traffic was also high in terms of relevance.

The UK has a similar trend, with June, July and August being the only months of the year when mobile traffic is prevalent compared to desktop.

If we go to the other side of the planet, to Singapore, there the mobile percentage is usually higher than desktop, and we see a completely different trend than in the US. Mobile traffic was higher in May, and desktop only went above mobile in some days of February, some in March, and especially after the end of October.

Where people accessed the Internet

We also have, again, available the possibility of selecting a city from the map of our Year in Review to zoom into a city to see the change in Internet use throughout the year. Let’s zoom in on San Francisco.

The following agglomeration of maps highlights (all available in our Year in Review site) the change in Internet use comparing the start of 2020, mid-January to mid-March — you can see that there’s still some increase in traffic, in orange —, to the total lockdown situation of April and May, with more blue areas (decrease in traffic).

The same trend is seen already in May 2021 in a time when remote work continued to be strong — especially in tech companies (employees moved from the Bay Area). Only in June of this year, there was some increase in traffic (more orange areas), especially further away from San Francisco (in residential areas).

London: From lockdown to a Euro Championship final

London tells us a different story. Looking through the evolution since the start of 2020 we can see that in March (compared to January) we have an increase in traffic (in orange) outside London (where blue is dominant).

The Internet activity only starts to get heavier in June, in time for the kick-off of the 2020 UEFA European Championship. The tournament played in several cities in Europe had a lot of restrictions and a number of games were played in London at Wembley Stadium — where Italy won the final by beating England on penalties. But at the time of the final, July, and especially August, blue was already dominant again — so people seemed to leave the London area. Only in September and October did the traffic start to pick up again, but mostly outside the city centre.

The Summer Olympics impact? Tokyo with low activity

After the UEFA European Championship, came the other big event postponed back in 2020, the Tokyo Summer Olympics. Our map seems to show the troubled months before the event with the pandemic numbers and the restrictions rising before the dates of the major event — late July and the first days of August.

There were athletes, but not fans from around the world and even locals weren’t attending — i​t was largely an event held behind closed doors with no public spectators permitted due to the declaration of a state of emergency in the Greater Tokyo Area. We can see that in our charts, especially when looking at the increase in activity in March (compared to January) and the decrease in August (compared to June), even with a global event in town (Tokyo is in the red circle).

There’s also another interesting trend pandemic-related in Lisbon, Portugal. With the lockdowns put in place since mid-January, the comparison with March shows the centre of the city losing Internet traffic and the residential areas outside Lisbon gaining it (in orange in the animation). But in April the activity decreased even around Lisbon and only started to get heavier in May when restrictions were more a lot more relaxed.

Lockdowns bring more traffic to Berlin

A different trend can be seen in Berlin, Germany. Internet activity in the city and its surroundings was very high in March and in April (compared to the previous two months) at a time when lockdowns were in place — nonetheless, in 2020 the activity decreased in April with the first major lockdown.

But in May and June, with the relaxation in restrictions, Internet activity decreased (blue) giving the idea that people left the city or, at least, weren’t using the Internet so much. Only in August did Internet activity begin to pick up again, but decreased once more in the colder months of November and December.

Cyberattacks: Threats that came in July

In terms of worldwide attacks, July and November (the month of Black Friday, when it reached a 78% in increase) were definitely the months with the highest peak of the year. The biggest peak was at the beginning of July 2021, when it reached 82%. That was more than a month after the Colonial Pipeline ransomware cyberattack — May was also the month of an attack on part of Toshiba and, in the same week, the Irish health system and of the meat processing company JBS.

The week of December 6 (the same when the Log4j vulnerability was disclosed) also had an increase in attacks — 42% more, and there was also a clear increase (42%) in the beginning of October, around the time of the Facebook outage.

In our dedicated page you can check — for the first time this year — the attack distribution in a selection of countries.

The UK had a very noticeable peak in overall Internet attacks (a growth of 150%) in August and that continued through September. We already saw that the beginning of the year, because of lockdowns, also had an increase in Internet traffic, and we can also see an increase in attacks in January 2021, but also in late November — around the time of the Black Friday week.

The United States, on the other hand, saw a growth in threats that was more uniform throughout the year. The biggest spike was between August and September (a time when students, depending on the state, were going back to school), with 65% of growth. July also had a big spike in threats (58%), but also late May (48%) — that was the month of the Colonial Pipeline ransomware cyberattack. Late November also had a spike (29%).

Countries like France had their peak in attacks (420% more) in late September and Germany it was in June (425%), but also in October (380%) and in November (350%).

The same trend can be seen in Singapore, but with an even higher growth. It reached 1,000% more threats in late November and 900% in the same month, around the time of the famous Singles’ Day (11.11, on November 11), the main e-commerce event in the region.

Also in the region, Australia, for example, also saw a big increase (more than 100%) in attacks in the beginning of September. In Japan, it was more in late May (over 40% of growth in threats).

What people did online in 2021

Last year we saw how the e-commerce category jumped in several countries after the first major lockdown — late March.

In New York, Black Friday, November 26, 2021, was the day of the whole year that e-commerce traffic peaked — it represented 31.9% of traffic, followed by Cyber Monday, November 29, with 26.6% (San Francisco has the same trend). It’s also interesting to see that in 2020 the same category peaked Black Friday, November 27, 2020 (24.3%) but April 22, during the first lockdowns, was a close second at 23.1% (this year the category only had ~14% in April).

Also with no surprise, messaging traffic peaked (20.6%) in the city that never sleeps on the first day of the year, January 1, 2021, to celebrate the New Year.

London calling (pre-Valentine messages)

But countries, cities and the people who live there have different patterns and in London messaging traffic actually peaks at 21.5% of traffic on Friday, February 12, 2021 (two days before Valentine’s Day). While in London, let’s check if Black Friday was also big outside the US. And the answer is: yes! E-commerce traffic peaked at 20.7% of traffic precisely on Black Friday, November 26.

The pandemic also has an influence in the types of websites people use and in London, travel websites had the biggest percentage in traffic on August 8, with only 1.4% — in Munich it was 1.1% on August 11. On the other hand, in New York and San Francisco, travel websites always had less than 1% of traffic.

Going back to Europe, Paris, France, saw a different trend. Travel websites had 1.9% of traffic on June 7, 2021, precisely the week that the pandemic restrictions were lifted — France opened to international travelers on June 9, 2021. The “City of Light” (and love) had its biggest day of the year for messaging websites (24.4%) on Sunday, January 31 — a time when there were new restrictions announced to try to avoid a total lockdown.

The hacker attack: 2021 methods

Our Year in Review site also lets you dig into which attack methods gained the most traction in 2021. It is a given that hackers continued to run their tools to attack websites, overwhelm APIs, and try to exfiltrate data — recently the Log4j vulnerability exposed the Internet to new possible exploitation.

Just to give some examples, in Paris “faking search engine bots” represented 48.3% of the attacks selected for the chart on January 14, 2021, but “SQL Injection” got to 59% on April 29.

In London “User-Agent Anomaly” was also relevant in some parts of the year, but in San Francisco it was mostly “information disclosure” that was more prevalent, especially in late November, at a time when online shopping was booming — in December “file inclusion” vulnerability had a bigger percentage.

Now it’s your turn: explore more

To explore data for 2021 (but also 2020), you can check out Cloudflare Radar’s Year In Review page. To go deep into any specific country with up-to-date data about current trends, start at Cloudflare Radar’s homepage.