DDoS attacks surge by 550% in 2024 due to AI & tensions

The 2025 Global Threat Analysis Report from Radware has revealed a significant increase in web DDoS attacks during 2024, attributing the rise to geopolitical tensions, an expanded threat surface, and the influence of AI technology.

According to the report, there was a 550% surge in web DDoS attacks in 2024 compared to the previous year, primarily driven by hacktivist groups engaged in geopolitical conflicts. The data indicates that the EMEA region was the most affected, with 78% of global incidents occurring there.

"Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats," said Pascal Geenens, Director of Threat Intelligence at Radware. "Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting."

In network-layer DDoS attacks, the report notes a notable increase in volume, frequency, and duration. Average mitigated attack volumes grew by 120%, while the average duration of attacks lengthened by 37% compared to 2023. European organisations faced the highest proportion of these attacks, comprising 45% of the global total, with North America following at 21%.

Certain industries were particularly targeted, with telecommunications experiencing 43% of the global network DDoS attack volume, and finance observing a 393% year-over-year escalation. The report highlights similar growth trends in the transportation and logistics (375%), e-commerce (238%), and service provider (237%) sectors.

"The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond," explained Geenens. "Organisations are operating in a dynamic environment that demands equally dynamic defence strategies. While bad actors don't have to do their jobs perfectly to have a major impact, defenders do."

Application-layer DNS DDoS attacks also saw significant gains, with the volume of DNS flood queries rising by 87%. The financial sector accounted for 44% of these attacks, followed by healthcare at 13% and the telecom sector at 10%.

Hacktivist activity, primarily motivated by political and ideological tensions, intensified during 2024. The report notes a 20% increase in claimed hacktivist DDoS attacks. Ukraine and Israel were among the most targeted countries, with Ukraine experiencing 2,052 claimed attacks. The report also identifies the United States as a primary target for DDoS-as-a-service providers.

Government institutions remained the top target for these attacks, contributing to 20% of the overall hacktivist activity. Other targeted sectors included business services (9%), finance (9%), and transportation (7%). Pro-Russian hacker NoName057(16) was highlighted as the most prolific threat actor of 2024, with claims of executing 4,767 DDoS attacks.

The report also pointed to a 41% increase in web application and API attacks. North America bore the majority of these at 66%, followed by EMEA at 26%. Vulnerability exploitation was the primary attack vector, constituting more than a third of all malicious requests.