Worldwide geopolitical tensions drive attacks with emphasis on the application infrastructure
News Highlights
In the first half of 2024:
- Application-Layer DNS DDoS attack activity quadruples compared to the first half of 2023
- North American online applications and APIs shoulder 66% of web attacks
- EMEA organisations face more than 90% of web DDoS attacks
- Finance organisations experience 44% of network-layer DDoS attacks
- The average number of Pro-Russian attacks targeting Ukraine doubles compared to the average number in 2023
Radware® (NASDAQ: RDWR), a global leader in application
security and delivery solutions for multi-cloud environments, released its H1 2024 Global Threat Analysis Report.
“During the first half of 2024, high-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” said Pascal Geenens, Radware’s director of threat intelligence. “World-wide geopolitical tensions, including conflicts in Europe and the Middle
East, as well as international events, like country elections, Eurovision, UEFA Euro, and the Olympics, continue to drive malicious activity. In the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratised through increasingly powerful and publicly available large language models. The gravity of the upcoming election in the United States and concerns over decelerating financial markets are also set to fuel cyber disruption.”
Radware’s report leverages intelligence provided by network and application attack activity sourced from the company’s Cloud and Managed Services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.
Web DDoS attacks climb more than 200%
Web DDoS attacks made significant gains in frequency and intensity.
- Number of attacks: In the first half of 2024, Web DDoS attacks surged globally 265% compared to the second half of 2023.
- Geographic targets: Organizations in EMEA were the primary target of Web DDoS attacks between January and June of 2024, shouldering more than 90% of the attacks.
Recently, Radware reported a record-breaking six-day Web DDoS attack campaign, targeting a financial institution. It consisted of multiple waves, which lasted 4- to 12-hours, amounting to a total of 100 hours of attack time and sustaining an average of 4.5 million RPS with a peak of
14.7 million RPS.
Network-layer DDoS attack volumes increase exponentially
During the first half of 2024:
- Attack volume: Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC, compared to the same period in 2023.
- Geographic targets:
- The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume.
- The APAC region accounted for almost 19% of attacks and 7% of the global volume.
- Industry targets: Globally, finance organizations experienced the highest attack activity (44%), followed by healthcare (17%), technology (10%), and government (7%).
Application-layer DNS DDoS attack activity quadruples
Between January and June of 2024:
- Attack activity:
- DNS DDoS attack activity quadrupled compared to the first half of 2023.
- The number of malicious DNS queries grew by 76% compared to the total number of queries observed during all of 2023.
- Industry targets: Finance was the most targeted industry, representing 52% of the total Layer 7 DNS Flood attack activity. Healthcare, telecom, and research and education were other notable industries.
Hacktivist DDoS activity continues unabated
During the first half of 2024, the hacktivist landscape remained dynamic with constant DDoS activities. According to data gathered from Telegram:
- Number of attacks: Hacktivist-driven DDoS attacks hovered between 1,000 to 1,200 claimed attacks per month.
- Top actors claiming DDoS attacks: NoName057(16) remained the most active threat actor by a significant margin, claiming 1,902 attacks, followed by Executor DDoS (577 claimed attacks) and Cyber Army of Russia Reborn (437 claimed attacks).
- Geographic targets: Ukraine was the most targeted country with 741 claimed attacks compared to 744 attacks in all of 2023. The United States ranked second (604 claimed attacks), followed by Israel (542 claimed attacks), and India (364 claimed attacks).
- Website targets: Government websites were top hacktivist targets, especially in Ukraine, Israel and India. Business and economy followed by travel were the second and third most targeted websites respectively.
“Following the conflict between Russia and Ukraine, Telegram has continued to inspire many hacktivists and other ill-intended groups to make a move for the platform,” said Geenens. “It’s become a major hub for cyber criminals, making it easier for them to recruit volunteers, build global alliances, create and sell attack services, and exchange cryptocurrency.”
Web application and API attacks rise
During the first half of 2024:
- Number of attacks: Web application and API attacks increased by 22% compared to the second half of 2023.
- Geographic targets: The majority of web attacks (66%) were targeting applications and APIs located in North America. Applications in EMEA accounted for 23% of the attack activity.
Radware’s complete 2024 Global Threat Analysis Report can be downloaded here.
About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and
carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.