AI-Powered DDoS Attacks Surge in 2024, Posing Significant Threats to Global Cybersecurity

Radware's Cyber Threat Report: Web DDoS Attacks Surge 550% in 2024

Geopolitics, growing threat surface, and AI-tech drive bigger, longer, more intense attacks Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, released its 2025 Global Threat Analysis Report. Radware's new report leverages intelligence provided by 2024 network and application attack activity sourced from the company's cloud and managed services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals. 2024 report highlights The average duration of network DDoS attacks increases 37% over 2023 North America faces 66% of web application and API attacks Nearly 400% year-over-year growth in DDoS attack volume strikes finance and transportation Hacktivist claims rise 20% globally; governments top targets "Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats," said Pascal Geenens, Director of Threat Intelligence at Radware. "Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting." Web DDoS attacks mount on geopolitical tensions Layer 7 (L7) Web DDoS attacks escalated significantly, linked predominately to hacktivist groups motivated by geopolitical conflicts and facilitated by easy accessibility to more sophisticated tools. During 2024: Number of attacks: Total Web DDoS attacks surged 550% compared to 2023. Geographic targets: EMEA remained the primary target, accounting for 78% of global incidents. Network-layer DDoS attacks become bigger and more prolonged The volume, frequency and duration of network DDoS attacks more than doubled since 2022. During 2024: Attack volume: The average mitigated attack volume rose 120% compared to 2023. Attack duration: The average duration of attacks increased 37% over 2023. Geographic targets: Organizations in Europe faced the highest proportion of network DDoS activity, accounting for 45% of the global attack volume, followed by North America (21%). Industry targets: Telecommunications bore 43% of the global network DDoS attack volume, followed by finance at 30%. Growing faster than the global average of 120%, finance experienced the steepest growth in attack volume per organization, increasing 393% year-over-year, followed by transportation and logistics (375%), e-commerce (238%), and service providers (237%). "The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond," explained Geenens. "Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don't have to do their jobs perfectly to have a major impact, defenders do." Application-layer DNS DDoS attacks post unprecedented gains Last year was a pivotal year in the evolution of L7 DNS DDoS attacks. During 2024: Attack activity: The amount of DNS flood queries rose 87% over 2023. Industry targets: The financial sector accounted for 44% of the total L7 DNS attack activity. Healthcare (13%) ranked second, followed by telecom (10%), and communications (8%). Hacktivist campaigns intensify marked by retaliation and disruption Propelled by political and ideological tensions, hacktivism remained a leading driver of cyberattacks. According to data gathered from Telegram in 2024: Number of attacks: The total number of claimed DDoS attacks increased by 20% compared to 2023. Geographic targets: Ukraine was the most targeted nation with 2,052 claimed attacks, followed by Israel (1,550). The United States became a prime target for DDoS-as-a-service providers. Industry targets: Government institutions were the top hacktivist targets, accounting for 20% of hacktivist activity, followed by business services (9%), finance (9%) and transportation (7%). Top claiming actors: Pro-Russian hacker NoName057(16), the most prolific threat actor in 2024, claimed 4,767 DDoS attacks, followed by RipperSec (1,388), Executor DDoS (1,002) and the Cyber Army of Russia Reborn (716). Web applications and APIs become prime targets for exploitation Attackers aim to profit from the expanding complexity and breath of the threat surface in modern organizations by exploiting known vulnerabilities. In 2024: Number of attacks: Web application and API attacks climbed 41% compared to 2023. Attack vector: Vulnerability exploitation remained the most prominent attack type, comprising more than one-third of all malicious requests. Geographic targets: North America experienced 66% of these attacks, followed by EMEA (26%). Radware's complete 2025 Global Threat Analysis Report can be downloaded here. About Radware Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company's cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware's solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs.

Web DDoS attacks see major surge as AI allows more powerful attacks

Financial institutions and transportation services suffered an almost 400% increase in DDoS attack volume There was a noticeable increase in Web Distributed Denial of Service (DDoS) attacks in 2024, largely thanks to Artificial Intelligence (AI) lowering the barrier to entry, experts have claimed. A report from cybersecurity experts Radware found Layer 7 Web DDoS attacks skyrocketed by 550% in 2024 compared to the previous year. Layer 7 DDoS attacks are also known as application-layer DDoS attacks, and they target the application layer of the OSI model. Instead of overwhelming network bandwidth like traditional volumetric attacks, these attacks focus on exhausting server resources by mimicking legitimate user requests. They exploit vulnerabilities in web applications, APIs, and services by flooding them with HTTP requests, login attempts, or database queries, making it difficult to distinguish real users from malicious traffic. Radware says that the increase can be attributed to hacktivist groups leveraging AI-enhanced tools to mount more destructive attacks, easier. "Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats," said Pascal Geenens, director of threat intelligence at Radware. "Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting." The EMEA region bore the brunt of Web DDoS attacks, the report states, claiming that it accounted for 78% of global incidents. For web application and API attacks, North America was the primary target with 66% of such incidents. At the same time, financial institutions and transportation services suffered an almost 400% increase in DDoS attack volume, making them among the hardest-hit industries. Hacktivist-driven attacks also grew by 20% globally, with government institutions emerging as the top targets. Beyond Web DDoS incidents, network-layer DDoS attacks have become more powerful and persistent, Radware explained. The average mitigated attack volume rose by 120% in 2024, while the average duration of attacks increased by 37%. The telecommunications sector absorbed the heaviest impact, facing 43% of global network DDoS attack volume, followed closely by finance at 30%. The financial sector was also the most targeted industry for Layer 7 DNS attacks, accounting for 44% of global activity. "The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond," Geenens added. "Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don't have to do their jobs perfectly to have a major impact, defenders do."