Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Web DDoS Attacks in H1 2024: A Surge in Scale and Sophistication

The first half of 2024 has seen a dramatic surge in the frequency and intensity of Web Distributed Denial of Service (DDoS) attacks. According to Radware’s Cloud Protection Services, the number of attacks mitigated in Q1 2024 rose by an astonishing 137% compared to the previous quarter, Q4 2023. This growth continued in Q2 2024, with an additional 85% increase in the number of Web DDoS attacks. This exponential rise highlights the rapidly evolving threat landscape that organisations must now navigate.

The Rise of More Intense Web DDoS Attacks

The size and scale of Web DDoS attacks have also grown significantly in 2024. While attacks under 50,000 requests per second (RPS) made up 74% of all Web DDoS attacks in 2023, this figure dropped to 55% in 2024. Conversely, the number of larger and more impactful attacks has increased, with nearly 3% of all attacks in H1 2024 surpassing 1 million RPS. Moreover, almost 17% of attacks were in the 100,000–250,000 RPS range, reflecting a shift towards more intense Web DDoS assaults.

Trends Behind the Surge in Web DDoS Attacks

Several key factors have contributed to the rapid increase in Web DDoS attacks:

  1. Political Tensions and Hacktivism in Europe
    A significant portion of Web DDoS activity, particularly in Europe, can be traced to politically motivated hacktivists. Since the onset of the conflict in Ukraine, hacktivist groups have grown more sophisticated, leveraging new tools and techniques to launch large-scale L7 (application layer) attacks on online services. These attacks target web applications and APIs, making them harder to mitigate and often more destructive.
  2. DDoS-for-Hire Services Gaining Momentum
    The rise of DDoS-for-hire services has also fueled the increase in Web DDoS attacks. These services, which allow individuals or groups to rent botnets and launch large-scale attacks, have expanded their offerings in 2023 and 2024. Hacktivists have begun renting out their botnets to third parties for financial gain, moving away from volunteer-based attacks. These services are now focusing more on L7 attack vectors, including web applications and APIs, which are becoming the primary targets for cybercriminals.
  3. Exploitation of New Vulnerabilities
    In late 2023 and early 2024, attackers quickly adopted newly disclosed vulnerabilities in the HTTP/2 protocol. The HTTP/2 Rapid Reset vulnerability, revealed in October 2023, and the HTTP/2 Continuation flood attack vector, disclosed in April 2024, have become prominent methods for launching DDoS attacks. These vectors allow attackers to overwhelm web servers with high request rates, making it difficult for traditional mitigation strategies to keep up.
  4. AI-Driven Attack Sophistication
    As attack tools become more advanced, artificial intelligence (AI) is playing an increasingly important role in Web DDoS attacks. Some DDoS-for-hire services now include AI-powered features like CAPTCHA bypass and CAPTCHA solving, allowing bots to evade common defense mechanisms. This sophistication enables attackers to maintain their assault on web applications for longer periods, increasing the likelihood of disrupting services.

The Implications of Larger Web DDoS Attacks

The shift towards larger, more intense Web DDoS attacks presents significant challenges for organisations. Attacks exceeding 1 million RPS can quickly overwhelm even well-prepared infrastructure, causing major disruptions to online services. As the size and sophistication of these attacks grow, businesses must adapt their defenses to keep pace with evolving threats.

The Importance of Proactive DDoS Mitigation

In the face of these escalating threats, having a robust DDoS protection strategy is more critical than ever. Radware’s Cloud Protection Services have been instrumental in mitigating these large-scale attacks, preventing downtime, and ensuring that legitimate users can still access critical services during an attack. As Web DDoS attacks become more frequent and severe, real-time traffic analysis, AI-driven defense solutions, and scalable mitigation techniques are essential for organisations to maintain resilience.

Contact White Arrow Technology if you are interested in knowing more about how to protect your organisation from Web DDoS attacks and other emerging cyber threats.

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *


Latest Comments

No comments to show.
WordPress Appliance - Powered by TurnKey Linux