Radware report reveals 265% rise in global web DDoS attacks

Radware’s recently released H1 2024 Global Threat Analysis Report shows a dramatic increase in web-based Distributed Denial of Service (DDoS) attacks.

The findings indicate a 265% surge in such incidents, driven largely by geopolitical tensions and increased exploitation of application infrastructure.

“High-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” said Pascal Geenens, Radware’s Director of Threat Intelligence. “Worldwide geopolitical tensions, including conflicts in Europe and the Middle East, as well as international events like country elections, are driving this malicious activity.”

Pascal expects the trend to persist, as "more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models."

The report is based on data from Radware's Cloud and Managed Services, along with insights gained from public platforms like Telegram, commonly used by cybercriminals. The analysis reveals that organisations in the Europe, Middle East, and Africa (EMEA) region were the primary targets of web DDoS attacks, bearing over 90% of the incidents reported during the first six months of 2024.

In North America, 66% of web attacks targeted online applications and APIs. The finance sector was particularly hard hit, experiencing 44% of network-layer DDoS attacks. Geenens noted the troubling implications for global cyber disruption, particularly with the gravity of the upcoming US elections and concerns over financial market stability.

DNS DDoS attack activity saw a significant rise, quadrupling compared to the first half of 2023. The number of malicious DNS queries grew by 76% compared to the total number observed during all of 2023. The finance industry was again the most targeted, representing 52% of Layer 7 DNS Flood attack activity.

Radware's report also highlighted a record-breaking six-day Web DDoS attack campaign against a financial institution. The campaign, comprised of multiple waves lasting 4-12 hours each, totalled 100 hours of attack time. It maintained an average rate of 4.5 million requests per second (RPS) and peaked at 14.7 million RPS.

Network-layer DDoS attacks similarly exhibited exponential growth. The average DDoS volume blocked per organisation increased by 293% in EMEA, 116% in the Americas, and 302% in the Asia-Pacific (APAC) region compared to the same period in 2023. The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume. The APAC region reported almost 19% of attacks and 7% of the global volume. Finance organisations were once again the most frequently targeted, followed by healthcare, technology, and government sectors.

The report also observed that hacktivist-driven DDoS activities remained consistent, hovering between 1,000 to 1,200 claimed attacks per month. Notable groups include NoName057(16), which claimed 1,902 attacks, Executor DDoS with 577 claimed attacks, and Cyber Army of Russia Reborn with 437 claimed attacks. Ukraine emerged as the most targeted country with 741 claimed attacks, compared to 744 attacks in all of 2023.

“Following the conflict between Russia and Ukraine, Telegram has continued to inspire many hacktivists and other ill-intended groups,” said Geenens. He elaborated that Telegram has become a significant hub for cybercriminals, enabling them to recruit volunteers, build global alliances, create and sell attack services, and exchange cryptocurrency with ease.

Web application and API attacks also saw an uptick, increasing by 22% compared to the second half of 2023. 66% of these attacks targeted North American applications and APIs, while EMEA accounted for 23% of the attack activity.