The Radware H1 2024 Global Threat Analysis Report provides an overview of the major cyber threats and attacks observed in the first half of 2024. The report highlights significant increases in Web Distributed Denial of Service (DDoS) attacks, Network-layer DDoS attacks, and Application-layer DNS DDoS attacks.
- Web DDoS Attacks: There was a dramatic surge in Web DDoS attacks, with some campaigns reaching up to 14.7 million requests per second (RPS). The frequency and intensity of these attacks have increased, driven by new attack vectors like HTTP/2 Rapid Reset and Continuation floods.
- Network-layer DDoS Attacks: The report notes a rise in Network-layer DDoS attacks, with the Americas, EMEA (Europe, Middle East, and Africa), and APAC (Asia-Pacific) regions experiencing varying degrees of attack volumes. The financial sector was the most targeted, accounting for 44% of these attacks.
- Application-layer DNS DDoS Attacks: DNS DDoS attacks saw a significant increase, particularly in the finance sector, which faced the highest volume of attacks. The number of malicious DNS queries has quadrupled compared to the previous year.
- Hactivist Activities: The report also highlights the dynamic nature of hactivist-driven DDoS attacks, with Ukraine, the United States, Israel, and India being among the most targeted countries. In South Asia, India was frequently targeted by hactivists from neighbouring countries, while Indian hactivists also carried out attacks against Pakistan.
- Bad Bot Activity: There was a notable rise in bad bot transactions, which are often used for activities like fraud and content scraping. North America was the most targeted region, followed by APAC and EMEA.
India was a significant focus in the report, particularly in the context of hactivist activities. India was one of the most targeted countries, facing numerous DDoS attacks from hactivist groups in South Asia. This highlights the ongoing cyber threats faced by the country, especially from neighbouring regions.
The report notes that the use of artificial intelligence (AI) has enhanced the sophistication of cyberattacks, particularly in the context of DDoS-for-hire services. Hactivists and other malicious actors are leveraging AI to bypass security measures like CAPTCHA, making attacks more efficient and harder to detect and mitigate. The growing integration of AI into these attack vectors underscores the need for advanced cybersecurity defences that can keep pace with the evolving threat landscape.
The overall trend in 2024 indicates an increasingly complex and dangerous cyber environment, driven in part by geopolitical tensions and the rising use of AI in orchestrating attacks.
To provide a meaningful comparison between the RPS (Requests Per Second) in DDoS attacks as observed in the Radware H1 2024 Global Threat Analysis Report and RPS on popular social media platforms or during significant global events, let's explore some data points:
- Radware Report: The report noted DDoS attacks reaching up to 14.7 million RPS during peak periods. These attacks are designed to overwhelm servers, significantly higher than typical traffic.
Social Media Platform RPS:
- Facebook: Facebook, one of the largest social media platforms globally, handles 2-3 million RPS on a regular basis, with spikes occurring during global events or significant updates.
- Twitter (X): Twitter manages around 500,000 to 1 million RPS during normal operations, with peaks during major events such as political elections, sports finals, or breaking news.
- Instagram: Instagram’s RPS can range between 1-2 million during major events like celebrity live streams or global product launches.
Comparison to Global Events:
- Elections: U.S. Presidential Elections: Social media platforms like Twitter and Facebook see a significant spike in traffic during U.S. elections, often reaching up to 5-10 million RPS collectively across platforms. However, individual platforms may peak at 2-3 million RPS during key moments such as debates or election night. EU Parliament Elections: During these elections, platforms like Facebook saw 2-3 million RPS, primarily in the EMEA region, which was heavily targeted in DDoS attacks as per the Radware report.
- Wars and Political Conflicts: Ukraine Conflict (2022-2024): The conflict has led to massive spikes in social media activity, particularly on Telegram and Twitter, reaching 3-4 million RPS during major developments. In comparison, the Radware report shows DDoS attacks associated with this conflict hitting 10-14 million RPS.
- Sports Events: FIFA World Cup: During the FIFA World Cup finals, platforms like Instagram and Twitter typically experience 5-7 million RPS. The peak in DDoS attacks during major sports events like Euro 2024 (hosted in Germany) is highlighted in the Radware report, showing that these events are also prime targets for cyberattacks, with similar or even higher RPS than social media traffic.
- Natural Disasters: Hurricane or Earthquake Alerts: These events often lead to rapid spikes in RPS on platforms like Twitter as people seek real-time updates, typically around 1-2 million RPS. DDoS attacks during these times can be particularly damaging, as they may exceed the RPS that platforms are accustomed to during such critical periods.
- The 14.7 million RPS observed in DDoS attacks in the Radware report far exceeds the regular traffic of most social media platforms, which generally peaks around 1-3 million RPS.
- During global events such as elections, wars, and major sports events, social media RPS can spike significantly, but still generally falls short of the extreme RPS levels seen in orchestrated DDoS attacks.
- DDoS attacks during these global events not only mirror the spikes in social media usage but can also exceed them, aiming to disrupt communication channels during critical moments.
This comparison underscores the significant scale and impact of modern DDoS attacks, especially when juxtaposed with the traffic on some of the world’s most popular digital platforms during globally significant events.
