- Layer 7 Web DDoS attacks are spiking, Radware report claims
- EMEA bore the brunt of Web DDoS attacks
- Financial institutions and transportation services suffered an almost 400% increase in DDoS attack volume
There was a noticeable increase in Web Distributed Denial of Service (DDoS) attacks in 2024, largely thanks to Artificial Intelligence (AI) lowering the barrier to entry, experts have claimed.
A report from cybersecurity experts Radware found Layer 7 Web DDoS attacks skyrocketed by 550% in 2024 compared to the previous year.
Layer 7 DDoS attacks are also known as application-layer DDoS attacks, and they target the application layer of the OSI model. Instead of overwhelming network bandwidth like traditional volumetric attacks, these attacks focus on exhausting server resources by mimicking legitimate user requests. They exploit vulnerabilities in web applications, APIs, and services by flooding them with HTTP requests, login attempts, or database queries, making it difficult to distinguish real users from malicious traffic.
More powerful, more disruptive
Radware says that the increase can be attributed to hacktivist groups leveraging AI-enhanced tools to mount more destructive attacks, easier.
“Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats,” said Pascal Geenens, director of threat intelligence at Radware.
“Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting.”
The EMEA region bore the brunt of Web DDoS attacks, the report states, claiming that it accounted for 78% of global incidents. For web application and API attacks, North America was the primary target with 66% of such incidents.
At the same time, financial institutions and transportation services suffered an almost 400% increase in DDoS attack volume, making them among the hardest-hit industries. Hacktivist-driven attacks also grew by 20% globally, with government institutions emerging as the top targets.
Beyond Web DDoS incidents, network-layer DDoS attacks have become more powerful and persistent, Radware explained. The average mitigated attack volume rose by 120% in 2024, while the average duration of attacks increased by 37%. The telecommunications sector absorbed the heaviest impact, facing 43% of global network DDoS attack volume, followed closely by finance at 30%. The financial sector was also the most targeted industry for Layer 7 DNS attacks, accounting for 44% of global activity.
“The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond,” Geenens added.
“Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don’t have to do their jobs perfectly to have a major impact, defenders do.”
You might also like
- Thousands of WordPress websites hacked via plugin looking to steal user data
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.