Radware today released its 2025 Global Threat Analysis Report.
Radware’s new report leverages intelligence provided by 2024 network and application attack activity sourced from the company’s cloud and managed services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.
2024 report highlights:
- The average duration of network DDoS attacks increases 37% over 2023.
- North America faces 66% of web application and API attacks.
- Nearly 400% year-over-year growth in DDoS attack volume strikes finance and transportation.
- Hacktivist claims rise 20% globally; governments are top targets.
“Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats,” said Pascal Geenens, director of threat intelligence at Radware. “Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries, and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting.”
Web DDoS attacks mount on geopolitical tensions
Layer 7 (L7) Web DDoS attacks escalated significantly, linked predominately to hacktivist groups motivated by geopolitical conflicts and facilitated by easy accessibility to more sophisticated tools. During 2024:
- Number of attacks: Total Web DDoS attacks surged 550% compared to 2023.
- Geographic targets: EMEA remained the primary target, accounting for 78% of global incidents.
Network-layer DDoS attacks become bigger and more prolonged
The volume, frequency, and duration of network DDoS attacks have more than doubled since 2022. During 2024:
- Attack volume: The average mitigated attack volume rose 120% compared to 2023.
- Attack duration: The average duration of attacks increased 37% over 2023.
- Geographic targets: Organizations in Europe faced the highest proportion of network DDoS activity, accounting for 45% of the global attack volume, followed by North America (21%).
- Industry targets: Telecommunications bore 43% of the global network DDoS attack volume, followed by finance at 30%. Growing faster than the global average of 120%, finance experienced the steepest growth in attack volume per organization, increasing 393% year-over-year, followed by transportation and logistics (375%), e-commerce (238%), and service providers (237%).
“The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond,” explained Geenens. “Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don’t have to do their jobs perfectly to have a major impact, defenders do.”
Application-layer DNS DDoS attacks post unprecedented gains
Last year was a pivotal year in the evolution of L7 DNS DDoS attacks. During 2024:
- Attack activity: The amount of DNS flood queries rose 87% over 2023.
- Industry targets: The financial sector accounted for 44% of the total L7 DNS attack activity. Healthcare (13%) ranked second, followed by telecom (10%) and communications (8%).
Hacktivist campaigns intensify marked by retaliation and disruption
Propelled by political and ideological tensions, hacktivism remained a leading driver of cyberattacks. According to data gathered from Telegram in 2024:
- Number of attacks: The total number of claimed DDoS attacks increased by 20% compared to 2023.
- Geographic targets: Ukraine was the most targeted nation with 2,052 claimed attacks, followed by Israel (1,550). The United States became a prime target for DDoS-as-a-service providers.
- Industry targets: Government institutions were the top hacktivist targets, accounting for 20% of hacktivist activity, followed by business services (9%), finance (9%), and transportation (7%).
- Top claiming actors: Pro-Russian hacker NoName057(16), the most prolific threat actor in 2024, claimed 4,767 DDoS attacks, followed by RipperSec (1,388), Executor DDoS (1,002), and the Cyber Army of Russia Reborn (716).
Web applications and APIs become prime targets for exploitation
Attackers aim to profit from the expanding complexity and breadth of the threat surface in modern organizations by exploiting known vulnerabilities. In 2024:
- Number of attacks: Web application and API attacks climbed 41% compared to 2023.
- Attack vector: Vulnerability exploitation remained the most prominent attack type, comprising more than one-third of all malicious requests.
- Geographic targets: North America experienced 66% of these attacks, followed by EMEA (26%).
Radware’s complete 2025 Global Threat Analysis Report can be downloaded here.
