Radware’s Cyber Threat Report: Web DDoS Attacks Surge 550% in 2024

Geopolitics, growing threat surface, and AI-tech drive bigger, longer, more intense attacks

NEW DELHI, India / MAHWAH, N.J., - March 4, 2025

Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, released its 2025 Global Threat Analysis Report. 

Radware’s new report leverages intelligence provided by 2024 network and application attack activity sourced from the company’s cloud and managed services and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

2024 report highlights

• The average duration of network DDoS attacks increases 37% over 2023
• North America faces 66% of web application and API attacks
• Nearly 400% year-over-year growth in DDoS attack volume strikes finance and transportation
• Hacktivist claims rise 20% globally; governments top targets

“Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats,” said Pascal Geenens, Director of Threat Intelligence at Radware. “Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting.”

Web DDoS attacks mount on geopolitical tensions
Layer 7 (L7) Web DDoS attacks escalated significantly, linked predominately to hacktivist groups motivated by geopolitical conflicts and facilitated by easy accessibility to more sophisticated tools. During 2024:

• Number of attacks: Total Web DDoS attacks surged 550% compared to 2023. 
• Geographic targets: EMEA remained the primary target, accounting for 78% of global incidents. 

Network-layer DDoS attacks become bigger and more prolonged 

The volume, frequency and duration of network DDoS attacks more than doubled since 2022. During 2024: 

• Attack volume: The average mitigated attack volume rose 120% compared to 2023.
• Attack duration: The average duration of attacks increased 37% over 2023.
• Geographic targets: Organizations in Europe faced the highest proportion of network DDoS activity, accounting for 45% of the global attack volume, followed by North America (21%). 
• Industry targets: Telecommunications bore 43% of the global network DDoS attack volume, followed by finance at 30%. Growing faster than the global average of 120%, finance experienced the steepest growth in attack volume per organization, increasing 393% year-over-year, followed by transportation and logistics (375%), e-commerce (238%), and service providers (237%).

“The escalations in the threat landscape have significant implications for every sector from finance and telecommunications to government and e-commerce and beyond,” explained Geenens. “Organizations are operating in a dynamic environment that demands equally dynamic defense strategies. While bad actors don’t have to do their jobs perfectly to have a major impact, defenders do.”

Application-layer DNS DDoS attacks post unprecedented gains 
Last year was a pivotal year in the evolution of L7 DNS DDoS attacks. During 2024:

• Attack activity: The amount of DNS flood queries rose 87% over 2023.
• Industry targets: The financial sector accounted for 44% of the total L7 DNS attack activity. Healthcare (13%) ranked second, followed by telecom (10%), and communications (8%).

Hacktivist campaigns intensify marked by retaliation and disruption

Propelled by political and ideological tensions, hacktivism remained a leading driver of cyberattacks. According to data gathered from Telegram in 2024:

• Number of attacks: The total number of claimed DDoS attacks increased by 20% compared to 2023. 
• Geographic targets: Ukraine was the most targeted nation with 2,052 claimed attacks, followed by Israel (1,550). The United States became a prime target for DDoS-as-a-service providers.
• Industry targets: Government institutions were the top hacktivist targets, accounting for 20% of hacktivist activity, followed by business services (9%), finance (9%) and transportation (7%).
• Top claiming actors: Pro-Russian hacker NoName057(16), the most prolific threat actor in 2024, claimed 4,767 DDoS attacks, followed by RipperSec (1,388), Executor DDoS (1,002) and the Cyber Army of Russia Reborn (716).

Web applications and APIs become prime targets for exploitation
Attackers aim to profit from the expanding complexity and breath of the threat surface in modern organizations by exploiting known vulnerabilities. In 2024:

• Number of attacks: Web application and API attacks climbed 41% compared to 2023.
• Attack vector: Vulnerability exploitation remained the most prominent attack type, comprising more than one-third of all malicious requests.
• Geographic targets: North America experienced 66% of these attacks, followed by EMEA (26%).

Radware’s complete 2025 Global Threat Analysis Report can be downloaded here. 

# # #

About Radware

Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website

Radware encourages you to join our community and follow us on: Facebook,  LinkedIn, Radware Blog, X, YouTube, and Radware Mobile for iOS.

©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND THE RADWARE 2025 Global Threat ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement 

This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that organizations are operating in a dynamic environment that demands equally dynamic defense strategies, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, and the tensions between China and Taiwan; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns, such as the COVID-19 pandemic; our net losses in the past two years and possibility we may incur losses in the future; a slowdown in the growth of the cyber security and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.