Radware’s First Half 2024 Report: Web DDoS Attacks Climb 265%

Rhea-AI Summary

Radware's H1 2024 Global Threat Analysis Report reveals a significant surge in cyber attacks, with web DDoS attacks climbing 265% compared to H2 2023. Key findings include:

- Application-Layer DNS DDoS attacks quadrupled vs H1 2023
- North American online applications faced 66% of web attacks
- EMEA organizations bore over 90% of web DDoS attacks
- Finance sector experienced 44% of network-layer DDoS attacks
- Pro-Russian attacks on Ukraine doubled compared to 2023 average

The report highlights increased attack volumes, with EMEA seeing a 293% growth in average DDoS volume blocked per organization. Hacktivist activities remained high, with 1,000-1,200 claimed attacks monthly. The finance industry was the primary target for both network-layer DDoS (44%) and DNS DDoS attacks (52%).

Positive

• Web DDoS attacks increased by 265% globally compared to H2 2023
• Application-Layer DNS DDoS attack activity quadrupled compared to H1 2023
• Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC
• Web application and API attacks increased by 22% compared to H2 2023

Negative

• EMEA organizations faced over 90% of web DDoS attacks
• Finance organizations experienced 44% of network-layer DDoS attacks globally
• The average number of Pro-Russian attacks targeting Ukraine doubled compared to 2023
• North American online applications and APIs shouldered 66% of web attacks

Cybersecurity Analyst

The 265% surge in Web DDoS attacks during H1 2024 is a significant concern for businesses globally. This escalation, coupled with the quadrupling of DNS DDoS attacks, indicates a rapidly evolving threat landscape. The 4.5 million RPS average and 14.7 million RPS peak in a recent attack campaign demonstrate the increasing sophistication of threat actors.

Of particular note is the 293% growth in average DDoS volume blocked per organization in EMEA, suggesting a targeted approach by attackers. The finance sector, bearing 44% of network-layer DDoS attacks and 52% of DNS DDoS attacks, appears to be the primary target. This concentration of attacks on financial institutions could potentially impact market stability and investor confidence.

Geopolitical Risk Analyst

The report underscores the significant impact of geopolitical tensions on cybersecurity. The doubling of Pro-Russian attacks on Ukraine and the high number of attacks on Israel (542 claimed attacks) reflect ongoing conflicts. The targeting of government websites, particularly in Ukraine, Israel and India, suggests attempts to disrupt national infrastructure and potentially influence public opinion.

The mention of upcoming events like the U.S. election and concerns over decelerating financial markets as potential catalysts for increased cyber disruption is particularly worrying. These factors could lead to market volatility and impact investor sentiment across various sectors. The rise of hacktivist activities, with groups like NoName057(16) claiming 1,902 attacks, adds another layer of unpredictability to the global cybersecurity landscape.

Technology Trend Analyst

The report highlights a important trend: the growing emphasis on attacking application infrastructure. This shift suggests that threat actors are adapting their strategies to target more critical and potentially vulnerable parts of business operations. The 22% increase in web application and API attacks is particularly concerning, as these are often gateways to sensitive data and core business functions.

The prediction that AI technology, especially large language models, will be increasingly adopted by threat actors is a red flag for tech companies and their investors. This trend could lead to more sophisticated and harder-to-detect attacks, potentially increasing cybersecurity costs and risks across all sectors. Companies that can innovate in AI-powered defense mechanisms may see increased market interest and potential growth opportunities.

Worldwide geopolitical tensions drive attacks with emphasis on the application infrastructure

News Highlights
In the first half of 2024:

• Application-Layer DNS DDoS attack activity quadruples compared to the first half of 2023
• North American online applications and APIs shoulder 66% of web attacks
• EMEA organizations face more than 90% of web DDoS attacks
• Finance organizations experience 44% of network-layer DDoS attacks
• The average number of Pro-Russian attacks targeting Ukraine doubles compared to the average number in 2023

MAHWAH, N.J., Aug. 15, 2024 (GLOBE NEWSWIRE) -- Radware^® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, released its H1 2024 Global Threat Analysis Report.

“During the first half of 2024, high-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” said Pascal Geenens, Radware’s director of threat intelligence. “World-wide geopolitical tensions, including conflicts in Europe and the Middle East, as well as international events, like country elections, Eurovision, UEFA Euro, and the Olympics, continue to drive malicious activity. In the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models. The gravity of the upcoming election in the United States and concerns over decelerating financial markets are also set to fuel cyber disruption.”

Radware’s report leverages intelligence provided by network and application attack activity sourced from the company’s Cloud and Managed Services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

Web DDoS attacks climb more than 200%
Web DDoS attacks made significant gains in frequency and intensity.

• Number of attacks: In the first half of 2024, Web DDoS attacks surged globally 265% compared to the second half of 2023.
• Geographic targets: Organizations in EMEA were the primary target of Web DDoS attacks between January and June of 2024, shouldering more than 90% of the attacks.

Recently, Radware reported a record-breaking six-day Web DDoS attack campaign, targeting a financial institution. It consisted of multiple waves, which lasted 4- to 12-hours, amounting to a total of 100 hours of attack time and sustaining an average of 4.5 million RPS with a peak of 14.7 million RPS.

Network-layer DDoS attack volumes increase exponentially
During the first half of 2024:

• Attack volume: Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC, compared to the same period in 2023.
• Geographic targets:         
  • The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume.
  • The APAC region accounted for almost 19% of attacks and 7% of the global volume.
• Industry targets: Globally, finance organizations experienced the highest attack activity (44%), followed by healthcare (17%), technology (10%), and government (7%).
  

Application-layer DNS DDoS attack activity quadruples
Between January and June of 2024:

• Attack activity:
  • DNS DDoS attack activity quadrupled compared to the first half of 2023.
  • The number of malicious DNS queries grew by 76% compared to the total number of queries observed during all of 2023.
• Industry targets: Finance was the most targeted industry, representing 52% of the total Layer 7 DNS Flood attack activity. Healthcare, telecom, and research and education were other notable industries.

Hacktivist DDoS activity continues unabated
During the first half of 2024, the hacktivist landscape remained dynamic with constant DDoS activities. According to data gathered from Telegram:

• Number of attacks: Hacktivist-driven DDoS attacks hovered between 1,000 to 1,200 claimed attacks per month.
• Top actors claiming DDoS attacks: NoName057(16) remained the most active threat actor by a significant margin, claiming 1,902 attacks, followed by Executor DDoS (577 claimed attacks) and Cyber Army of Russia Reborn (437 claimed attacks).
• Geographic targets: Ukraine was the most targeted country with 741 claimed attacks compared to 744 attacks in all of 2023. The United States ranked second (604 claimed attacks), followed by Israel (542 claimed attacks), and India (364 claimed attacks).
• Website targets: Government websites were top hacktivist targets, especially in Ukraine, Israel and India. Business and economy followed by travel were the second and third most targeted websites respectively.

“Following the conflict between Russia and Ukraine, Telegram has continued to inspire many hacktivists and other ill-intended groups to make a move for the platform,” said Geenens. “It’s become a major hub for cyber criminals, making it easier for them to recruit volunteers, build global alliances, create and sell attack services, and exchange cryptocurrency.”

Web application and API attacks rise
During the first half of 2024:

• Number of attacks: Web application and API attacks increased by 22% compared to the second half of 2023.
• Geographic targets: The majority of web attacks (66%) were targeting applications and APIs located in North America. Applications in EMEA accounted for 23% of the attack activity.

Radware’s complete 2024 Global Threat Analysis Report can be downloaded here.

About Radware
Radware^® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, YouTube, and Radware Mobile for iOS.

©2024 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND THE RADWARE H1 2024 GLOBAL THREAT ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that in the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, and the tensions between China and Taiwan; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns, such as the COVID-19 pandemic; our net losses in the past two years and possibility we may incur losses in the future; a slowdown in the growth of the cyber security and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

FAQ

What was the increase in web DDoS attacks for Radware (RDWR) in H1 2024?

According to Radware's H1 2024 Global Threat Analysis Report, web DDoS attacks surged globally by 265% compared to the second half of 2023.

Which region was the primary target of web DDoS attacks for Radware (RDWR) in H1 2024?

Organizations in EMEA (Europe, Middle East, and Africa) were the primary target of web DDoS attacks, shouldering more than 90% of the attacks between January and June 2024.

What was the growth in DNS DDoS attack activity for Radware (RDWR) in H1 2024?

Radware reported that DNS DDoS attack activity quadrupled in the first half of 2024 compared to the first half of 2023.

Which industry was the most targeted by Layer 7 DNS Flood attacks for Radware (RDWR) in H1 2024?

According to Radware's report, the finance industry was the most targeted, representing 52% of the total Layer 7 DNS Flood attack activity in the first half of 2024.