Surge in DDoS Attacks: Insights from Radware’s H1 2024 Global Threat Analysis Report
In an alarming revelation, Radware’s recently released H1 2024 Global Threat Analysis Report has documented a staggering 265% increase in web-based Distributed Denial of Service (DDoS) attacks. This dramatic rise is attributed to a confluence of geopolitical tensions and the growing exploitation of application infrastructure, marking a significant shift in the cyber threat landscape.
Geopolitical Tensions Fueling Cyber Attacks
Pascal Geenens, Radware’s Director of Threat Intelligence, emphasized the role of global unrest in driving these malicious activities. “High-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” he stated. The report highlights that ongoing conflicts in Europe and the Middle East, alongside significant international events such as elections, have become catalysts for increased cyber aggression. As tensions escalate, so too do the frequency and intensity of DDoS attacks, suggesting that this trend is likely to persist.
The Role of AI in Cyber Threats
The report also raises concerns about the democratization of AI technology, which is increasingly accessible through powerful large language models. This accessibility is expected to empower more threat actors, potentially leading to an even greater surge in cyber attacks. As malicious actors harness AI capabilities, the sophistication and scale of DDoS attacks could reach unprecedented levels, posing a significant challenge for organizations worldwide.
EMEA Region: The Epicenter of DDoS Attacks
The data compiled in Radware’s report reveals that the Europe, Middle East, and Africa (EMEA) region bore the brunt of web DDoS attacks, accounting for over 90% of incidents reported in the first half of 2024. This concentration of attacks underscores the vulnerability of organizations in this region, which are increasingly targeted due to their geopolitical significance and the critical nature of their infrastructure.
In North America, the focus of attacks shifted towards online applications and APIs, with 66% of web attacks directed at these platforms. The finance sector emerged as a primary target, suffering 44% of network-layer DDoS attacks. The implications of these findings are particularly concerning given the upcoming US elections and the potential for financial market instability.
DNS DDoS Attacks on the Rise
The report also highlights a significant uptick in DNS DDoS attack activity, which quadrupled compared to the first half of 2023. Malicious DNS queries surged by 76% compared to the total observed throughout 2023. Once again, the finance industry was the most affected, representing 52% of Layer 7 DNS Flood attack activity. This trend indicates a growing sophistication in attack strategies, as cybercriminals increasingly target the foundational elements of internet infrastructure.
Record-Breaking DDoS Campaigns
One of the most alarming revelations from the report was the documentation of a record-breaking six-day Web DDoS attack campaign against a financial institution. This campaign consisted of multiple waves lasting between 4 and 12 hours each, culminating in a staggering total of 100 hours of attack time. The average attack rate reached 4.5 million requests per second (RPS), peaking at an astonishing 14.7 million RPS. Such sustained and intense attacks highlight the evolving capabilities of cybercriminals and the urgent need for robust defense mechanisms.
Regional Analysis of DDoS Attacks
The report provides a detailed analysis of DDoS attack volumes across different regions. In EMEA, the average DDoS volume blocked per organization increased by 293%, while the Americas saw a 116% rise, and the Asia-Pacific (APAC) region experienced a 302% increase compared to the same period in 2023. The Americas accounted for 58% of global attacks and 37% of the volume, while EMEA mitigated 56% of the global volume despite only accounting for 23% of the attacks. The APAC region reported nearly 19% of attacks, contributing 7% of the global volume. The finance sector remained the most frequently targeted, followed by healthcare, technology, and government sectors.
Hacktivism and Cybercrime
The report also noted a steady rate of hacktivist-driven DDoS activities, with claims of 1,000 to 1,200 attacks per month. Notable groups such as NoName057(16), Executor DDoS, and Cyber Army of Russia Reborn have been active, with Ukraine emerging as the most targeted nation, experiencing 741 claimed attacks—almost matching the total for all of 2023. Geenens pointed out that platforms like Telegram have become essential for cybercriminals, facilitating recruitment, alliance-building, and the exchange of attack services and cryptocurrency.
Increasing Threat to Web Applications and APIs
Finally, the report indicates a 22% increase in web application and API attacks compared to the second half of 2023. North America was the primary target, accounting for 66% of these attacks, while EMEA represented 23%. This trend underscores the need for organizations to bolster their defenses against increasingly sophisticated threats targeting their digital assets.
Conclusion
Radware’s H1 2024 Global Threat Analysis Report paints a concerning picture of the current cyber threat landscape, characterized by a dramatic increase in DDoS attacks driven by geopolitical tensions and the exploitation of application infrastructure. As threat actors continue to evolve their tactics and leverage new technologies, organizations must remain vigilant and proactive in their cybersecurity strategies to mitigate the risks posed by these escalating threats. The findings serve as a crucial reminder of the importance of robust cybersecurity measures in an increasingly interconnected and volatile world.