Worldwide geopolitical tensions drive attacks with emphasis on the application infrastructure
News Highlights
In the first half of 2024:
- Application-Layer DNS DDoS attack activity quadruples compared to the first half of 2023
- North American online applications and APIs shoulder 66% of web attacks
- EMEA organizations face more than 90% of web DDoS attacks
- Finance organizations experience 44% of network-layer DDoS attacks
- The average number of Pro-Russian attacks targeting Ukraine doubles compared to the average number in 2023
MAHWAH, N.J., Aug. 15, 2024 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, released its H1 2024 Global Threat Analysis Report.
“During the first half of 2024, high-intensity, volumetric attacks surged, marked by a growing emphasis on the application infrastructure,” said Pascal Geenens, Radware’s director of threat intelligence. “World-wide geopolitical tensions, including conflicts in Europe and the Middle East, as well as international events, like country elections, Eurovision, UEFA Euro, and the Olympics, continue to drive malicious activity. In the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models. The gravity of the upcoming election in the United States and concerns over decelerating financial markets are also set to fuel cyber disruption.”
Radware’s report leverages intelligence provided by network and application attack activity sourced from the company’s Cloud and Managed Services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.
Web DDoS attacks climb more than 200%
Web DDoS attacks made significant gains in frequency and intensity.
- Number of attacks: In the first half of 2024, Web DDoS attacks surged globally 265% compared to the second half of 2023.
- Geographic targets: Organizations in EMEA were the primary target of Web DDoS attacks between January and June of 2024, shouldering more than 90% of the attacks.
Recently, Radware reported a record-breaking six-day Web DDoS attack campaign, targeting a financial institution. It consisted of multiple waves, which lasted 4- to 12-hours, amounting to a total of 100 hours of attack time and sustaining an average of 4.5 million RPS with a peak of 14.7 million RPS.
Network-layer DDoS attack volumes increase exponentially
During the first half of 2024:
- Attack volume: Average DDoS volume blocked per organization grew by 293% in EMEA, 116% in the Americas, and 302% in APAC, compared to the same period in 2023.
- Geographic targets:
- The Americas faced 58% of global attacks and 37% of the volume, while EMEA accounted for 23% of the attacks but mitigated 56% of the global volume.
- The APAC region accounted for almost 19% of attacks and 7% of the global volume.
- Industry targets: Globally, finance organizations experienced the highest attack activity (44%), followed by healthcare (17%), technology (10%), and government (7%).
Application-layer DNS DDoS attack activity quadruples
Between January and June of 2024:
- Attack activity:
- DNS DDoS attack activity quadrupled compared to the first half of 2023.
- The number of malicious DNS queries grew by 76% compared to the total number of queries observed during all of 2023.
- Industry targets: Finance was the most targeted industry, representing 52% of the total Layer 7 DNS Flood attack activity. Healthcare, telecom, and research and education were other notable industries.
Hacktivist DDoS activity continues unabated
During the first half of 2024, the hacktivist landscape remained dynamic with constant DDoS activities. According to data gathered from Telegram:
- Number of attacks: Hacktivist-driven DDoS attacks hovered between 1,000 to 1,200 claimed attacks per month.
- Top actors claiming DDoS attacks: NoName057(16) remained the most active threat actor by a significant margin, claiming 1,902 attacks, followed by Executor DDoS (577 claimed attacks) and Cyber Army of Russia Reborn (437 claimed attacks).
- Geographic targets: Ukraine was the most targeted country with 741 claimed attacks compared to 744 attacks in all of 2023. The United States ranked second (604 claimed attacks), followed by Israel (542 claimed attacks), and India (364 claimed attacks).
- Website targets: Government websites were top hacktivist targets, especially in Ukraine, Israel and India. Business and economy followed by travel were the second and third most targeted websites respectively.
“Following the conflict between Russia and Ukraine, Telegram has continued to inspire many hacktivists and other ill-intended groups to make a move for the platform,” said Geenens. “It’s become a major hub for cyber criminals, making it easier for them to recruit volunteers, build global alliances, create and sell attack services, and exchange cryptocurrency.”
Web application and API attacks rise
During the first half of 2024:
- Number of attacks: Web application and API attacks increased by 22% compared to the second half of 2023.
- Geographic targets: The majority of web attacks (66%) were targeting applications and APIs located in North America. Applications in EMEA accounted for 23% of the attack activity.
Radware’s complete 2024 Global Threat Analysis Report can be downloaded here.
About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, YouTube, and Radware Mobile for iOS.
©2024 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE RADWARE H1 2024 GLOBAL THREAT ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that in the back half of the year, we expect attacks to continue to climb, as more threat actors adopt AI technology democratized through increasingly powerful and publicly available large language models, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, and the tensions between China and Taiwan; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively;a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns, such as the COVID-19 pandemic; our net losses in the past two years and possibility we may incur losses in the future; a slowdown in the growth of the cyber security and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.