Surge in Web-Based DDoS Attacks: Insights from Radware’s H1 2024 Global Threat Analysis Report

In an alarming revelation, Radware’s recently released H1 2024 Global Threat Analysis Report has documented a staggering 265% increase in web-based Distributed Denial of Service (DDoS) attacks. This dramatic rise is largely attributed to escalating geopolitical tensions and a growing trend of exploiting application infrastructure. As cyber threats evolve, organizations worldwide must remain vigilant and proactive in safeguarding their digital assets.

Geopolitical Tensions Fueling Cyber Attacks

Pascal Geenens, Radware’s Director of Threat Intelligence, highlighted the correlation between global conflicts and the surge in DDoS attacks. “High-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” he stated. The report indicates that ongoing geopolitical strife, particularly in Europe and the Middle East, alongside significant international events such as national elections, has intensified malicious cyber activity. As tensions rise, so does the motivation for threat actors to disrupt services and create chaos.

The Role of AI in Cyber Threats

Looking ahead, Radware anticipates that the trend of increasing DDoS attacks will persist. The democratization of artificial intelligence technology, facilitated by powerful and publicly available large language models, is expected to empower more threat actors. This evolution in technology could lead to more sophisticated and widespread cyber attacks, making it imperative for organizations to bolster their defenses against these emerging threats.

EMEA Region: The Epicenter of DDoS Attacks

The report reveals that organizations in the Europe, Middle East, and Africa (EMEA) region were disproportionately targeted, accounting for over 90% of web DDoS incidents reported in the first half of 2024. This alarming statistic underscores the need for heightened security measures in these regions. In North America, 66% of web attacks were directed at online applications and APIs, with the finance sector suffering the most, experiencing 44% of network-layer DDoS attacks. The implications of these findings are particularly concerning, especially with the upcoming US elections and the potential for financial market instability.

DNS DDoS Attacks on the Rise

Another critical finding from the report is the significant increase in DNS DDoS attack activity, which has quadrupled compared to the first half of 2023. The number of malicious DNS queries surged by 76% compared to the total observed throughout 2023. The finance industry was again the primary target, representing 52% of Layer 7 DNS Flood attack activity. This trend highlights the need for organizations to implement robust DNS security measures to mitigate the risks associated with such attacks.

Record-Breaking DDoS Campaigns

Radware’s report also detailed a record-breaking six-day Web DDoS attack campaign against a financial institution. This campaign consisted of multiple waves lasting between 4 to 12 hours each, totaling an astonishing 100 hours of attack time. The attack maintained an average rate of 4.5 million requests per second (RPS) and peaked at a staggering 14.7 million RPS. Such unprecedented attack volumes illustrate the evolving capabilities of cybercriminals and the urgent need for organizations to enhance their defensive strategies.

Exponential Growth in Network-Layer DDoS Attacks

The report further revealed exponential growth in network-layer DDoS attacks across various regions. The average DDoS volume blocked per organization increased by 293% in EMEA, 116% in the Americas, and 302% in the Asia-Pacific (APAC) region compared to the same period in 2023. The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume. The APAC region reported nearly 19% of attacks and 7% of the global volume. Consistently, the finance sector emerged as the most frequently targeted, followed by healthcare, technology, and government sectors.

Hacktivism and Cybercriminal Networks

The report also noted that hacktivist-driven DDoS activities remained stable, with claims of 1,000 to 1,200 attacks per month. Notable groups included NoName057(16), Executor DDoS, and Cyber Army of Russia Reborn, with Ukraine emerging as the most targeted country. The ongoing conflict between Russia and Ukraine has fueled a surge in hacktivism, with Telegram serving as a significant platform for cybercriminals to recruit volunteers, build alliances, and exchange attack services.

Web Application and API Attacks on the Rise

In addition to DDoS attacks, web application and API attacks saw a notable increase of 22% compared to the second half of 2023. North America accounted for 66% of these attacks, while EMEA represented 23% of the activity. This trend emphasizes the need for organizations to prioritize the security of their web applications and APIs, as they become increasingly targeted by cybercriminals.

Conclusion

Radware’s H1 2024 Global Threat Analysis Report paints a concerning picture of the current cyber threat landscape. The dramatic increase in web-based DDoS attacks, fueled by geopolitical tensions and the rise of AI technology, underscores the urgent need for organizations to enhance their cybersecurity measures. As cybercriminals continue to evolve their tactics and exploit vulnerabilities, proactive defense strategies will be essential in safeguarding digital assets and ensuring business continuity in an increasingly hostile cyber environment.