Skip to content
Information Technology

Radware H1 2023 report: Malicious web application transactions skyrocket 500%

PR Deadlines 4 mins read

• DoS attack patterns shift to layer 7, essential infrastructure and cloud-based operations

• DNS Flood attacks surge

• Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide

SYDNEY, August 25.  Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its first half 2023 global threat analysis report.

The comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s cloud and managed services, global deception network, and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

Radware’s director of threat intelligence Pascal Geenens commented: “The narrative for the threat landscape in 2023 is clear - a significant shift is taking place in denial-of-service attack patterns. The message to organisations is equally as clear: the focus now lies on proactively adapting to these evolving cyber threats.

“Increasing numbers of bad actors are moving up the network stack from layers 3 and 4 to layer 7 with their sights set on compromising online applications and APIs as well as essential infrastructure. To launch attacks with even greater impact, control, and scale, also look for them to continue a steady transition from compromised IoT devices to cloud-based operations.”

Shifting DDoS attack patterns

The global threat landscape continues to evolve at a rapid pace. In 2023, the profile of Denial-of-Service attacks is being redefined in terms of tactics, vector, size, complexity and hacktivist offensives.

According to Radware’s attack activity during the first half of 2023:

# Changing tactics: The number of malicious web application transactions skyrocketed by 500% compared to the first half of 2022, while the total number of DDoS events decreased 33%. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.

# Surging vectors: There has been a considerable surge in DNS query floods. In the second quarter of 2023, the proportion of attacks featuring a DNS Flood vector climbed almost twofold compared to the ratio of attacks in 2021 and most of 2022.

# Bigger attacks: The relative number of large attacks (greater than 100Gbps) rose sharply, increasing from 3.75x in 2022 to 10.5x in 2023, considerably outpacing the growth in small (less than 1Gbps) and mid-sized (1Gbps to 100Gbps) attacks.

# Increasing complexity: The average complexity of attacks increased with attack size. Attacks above 1Gbps on average had more than two dissimilar attack vectors per attack, while attacks above 100Gbps had on average more than eight dissimilar attack vectors.

# Escalating hacktivist offensives: NoName057(16) was the most active hacker group on Telegram, claiming 1459 DDoS attacks, followed by Anonymous Sudan with 660 attacks, and Team Insane PK with 588 attacks.

Hacktivists influences

“Hacktivists are a major contributor to the dramatic increase in the volume and intensity of layer 7 attacks, and organisations across the globe are getting caught in the crosshairs,” continued Geenens. “The effectiveness of these attacks has been significantly amplified as hacktivists rally patriotic volunteers and provide them access to crowd-sourced botnets, custom attack tools, and detailed attack tutorials.”

According to attacks claimed by hacktivists on Telegram, politically motivated and religious groups waged multiple DDoS campaigns during the first half of 2023:

# Geographic targets: Most of the hacktivist claimed DDoS attacks targeted India (674 attacks), followed by the United States (507 attacks), Israel (459 attacks), Ukraine (376 attacks), and Poland (297 attacks).

# Website targets: Government (1112 attacks), business/economy (1036 attacks), and travel (628 attacks) websites faced the most hacktivists attacks, followed by financial services (420 attacks) and health/medicine (329 attacks).

Geographies under attack

Various regions across the globe emerged as DDoS hot spots. According to Radware’s attack activity during the first half of 2023:

# EMEA shouldered the largest number of the DDoS attacks, blocking 66% of the attacks and facing 48% of the attack volume.

# The Americas blocked 25% of the DDoS attacks. While the Americas blocked a smaller share of attacks compared to EMEA, the Americas experienced a threat level on par with EMEA bearing nearly equal attack volumes (47%).

# The APAC region blocked 9% of the DDoS events and faced 5% of the global attack volume.

Industries under attack

Radware’s global attack activity revealed that research and education bore almost a third (32%) of the DDoS attack volume, while service providers and technology accounted for 20% and 12%, respectively. On a regional basis, however, the distribution of DDoS attack volume varied.

During the first half of 2023:

# In the Americas, service providers (39%) and research and education (38%) drew the majority of the DDoS attack volume, followed by healthcare (7%) and energy (6%).

# In EMEA, technology (32%) experienced the biggest share of the DDoS attack volume, followed by gaming (15%) and telecom (15%).

# In APAC, service providers (50%) bore the brunt of the DDoS attack volume, followed by retail (21%), gaming (9%), and transportation and logistics (6%).

Surge in web application activity

While there was near linear growth in the number of web transactions per quarter in 2022, there was exponential growth in the first half of 2023.

According to Radware’s attack activity during the first six months of 2023:

# The number of malicious web application transactions grew by a staggering 500% compared to the first half of 2022. The sharp rise underscores the significant shift in DDoS attack patterns as attacks increasingly progress to layer 7.

# The most significant security violation was predictable resource location attacks (34%), followed by SQL (20%) and code injection attacks (10%), together generating 64% of total web application attack activity.

# The most attacked industry was retail (36%), followed by carriers (11%) and SAAS providers (8%).

Radware’s complete first half 2023 global threat analysis report can be downloaded here.

About Radware

Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

More from this category

  • Information Technology
  • 01/12/2023
  • 01:07

Cleverbridge Launches CleverInsights to Deliver Accurate, AI-Powered Analytics for Subscription Businesses

The product's easy-to-use dashboards empower companies to accurately benchmark and forecast performance, calculate robust customer health scores, and more.COLOGNE, GERMANY / ACCESSWIRE / November 30, 2023 / Cleverbridge, a growth engine for global technology companies, today announced the launch of CleverInsights, an advanced analytics suite that leverages AI and 18+ years of eCommerce data to provide unparalleled visibility into recurring revenue, retention, and other essential subscription metrics. Pre-built dashboards for benchmarking, forecasting, anomaly detection, and customer health scoring empower organizations to derive deep insights and optimize performance in near real-time amid an uncertain and ever-changing business environment. These features streamline…

  • Information Technology
  • 29/11/2023
  • 10:07
SEAtS Software

SEAtS Software, a Leading EdTech Provider, Announces Global Launch of Stand-Alone Mitigating Circumstances Solution

DUBLIN, Ireland, Nov. 28, 2023 (GLOBE NEWSWIRE) -- SEAtS Software, a leading provider of student success solutions, is proud to announce the global availability of their stand-alone mitigating & special circumstances solution. This solution is designed to help higher education institutions manage the increasing volume and complexity of mitigating and special circumstances applications from students.Mitigating and special circumstances are situations that affect a student's ability to perform academically, such as illness, bereavement, or personal issues. These situations require a fair and transparent process to assess the impact on the student's grades and provide appropriate support and adjustments.However, many institutions are…

  • Information Technology
  • 29/11/2023
  • 07:07
CSP, Inc.

ARIA Cybersecurity Partners With Logi-Tech To Protect Australia’s Critical Infrastructure From Growing Cyberthreat

Leading Australian MSSP launches new managed Security Operations Center (SOC) service for IT and critical infrastructure customersBOSTON, MA / ACCESSWIRE / November 28, 2023 / ARIA Cybersecurity Solutions, a CSPi business (NASDAQ:CSPI), has launched its AZT PROTECT™ solution in Australia via a partnership with Logi-Tech, a leading local managed security service provider (MSSP). By adding AZT PROTECT to its portfolio, Logi-Tech can offer a groundbreaking service for protecting critical applications in operational technology (OT) environments such as manufacturing, mining, and government.Logi-Tech's new managed Security Operations Center (SOC) service is based on a combination of the ARIA Advanced Detection Response (ADR)…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time your distribute with Medianet. Pay per release or save with a subscription.