DDoS Attacks on the Web Experience a Significant Increase Thanks to Artificial Intelligence Boosting Their Effectiveness.
The number of layer 7 web application DDoS attacks quintupled over the course of a year.
In 2024, there has been a notable increase in layer 7 web DDoS attacks, with a 550% rise compared to the previous year, according to a report from cybersecurity experts. These types of attacks, known as application layer DDoS, focus on exhausting server resources by simulating requests from legitimate users, rather than saturating network bandwidth as traditional volumetric attacks do. By exploiting vulnerabilities in web applications, APIs, and services, these attacks inundate with HTTP requests and login attempts, making it difficult to distinguish malicious traffic from real users.
Experts note that artificial intelligence has facilitated the launch of more destructive attacks by lowering entry barriers. Pascal Geenens, director of threat intelligence at Radware, pointed out that multiple factors, including geopolitical conflicts and more complex threat surfaces, have driven this transformation in the cybercrime landscape. The EMEA region was the most affected, with 78% of global incidents, while North America recorded 66% of the attacks targeting web applications and APIs.
Financial institutions and transportation services experienced an increase of nearly 400% in the volume of DDoS attacks, making them the most impacted sectors. Additionally, attacks driven by hacktivists grew by 20% globally, focusing on government institutions as primary targets. In the context of network DDoS attacks, Radware reported that the average volume of mitigated attacks increased by 120%, and the average attack duration rose by 37%.
The telecommunications sector suffered the greatest impact, absorbing 43% of the global volume of DDoS attacks, followed by the financial sector with 30%. The latter was also the most affected by layer 7 DNS DDoS attacks, representing 44% of global activity. Geenens concluded that these escalations in the threat landscape have significant repercussions for all sectors, from finance and telecommunications to government and e-commerce, emphasizing the need for dynamic defense strategies in a constantly changing threat environment.
