SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
Radware reveals surge in cyber attacks in 2024 report
Fri, 8th Mar 2024

The cyber-security provider, Radware, has recently published its 2024 Global Threat Analysis Report. Throughout the past year, the world witnessed an escalating technological battle between hackers and cyber-defence teams, with one result being a significant 171% increase in malevolent web application and API transactions, primarily driven by Layer 7 Web DDoS attacks.

Pascal Geenens, Radware’s director of threat intelligence, expressed that advances, such as Generative AI, are allowing originally inexperienced threat actors to become proficient hackers, leading to an increase in cyber-attacks. He anticipates this trend to continue in 2024. The report offers insights into global network and application attack activity. It utilises shared intelligence from the Radware Cloud and Managed Services, Global Deception Network, its threat intelligence research team, and data gathered from the public messaging platform, Telegram.

Geenens highlights an alarming surge in DDoS attacks, a form of cyber-attack that has predominantly gone unpunished since Russia's invasion of Ukraine. The number of global DDoS attacks per customer increased by 94% in 2023 with variations across regions: 43% rise in the EMEA region, 196% in the Americas and a massive 260% climb in the APAC. The Americas were the target for nearly half of global DDoS attacks, yet the EMEA region mitigated 65% of the total DDoS attack volume worldwide, despite only accounting for 39% of the DDoS attacks.

The rise of hacktivism, campaigns undertaken due to geopolitical, ideological, and religious motivations, has also escalated with new strategies introduced after Russia's invasion of Ukraine in 2022. Data from Telegram demonstrates a 24% increase in hacktivist-claimed DDoS attacks during the second half of 2023. Israel was the country most affected, followed by India and the United States. Government, business, and travel websites were the most targeted categories in 2023.

One of the emerging trends from 2023 is a 'global shift in DDoS tactics,' with a significant increase in more complex web DDoS attacks and Layer 7 attacks that target online applications, their APIs, and essential infrastructure like the Domain Name System. This resulted in a more than three-fold increase in DNS query flood vectors and a 171% rise in malicious web application and API transactions compared to 2022.

The report further revealed that certain industries faced disproportionate assaults in 2023. Among these, finance, retail, and research and education were subject to the highest share of cyber-attacks due to the valuable, sensitive data they store, their potential to disrupt services and the tactical advantage they serve. Other industries such as healthcare, government, technology and finance also encountered a high number of attacks. For instance, finance and technology sectors bore 29% and 22% of the attacks respectively, approximately half of which were encrypted web attacks.

As cyber threats continue to evolve and escalate, organizations worldwide will need to stay one step ahead to mitigate attacks, protect sensitive information, and ensure continuity in their operations.