
2025 Global Threat Analysis Report: An In-Depth Look at 2024's Cyberthreat Landscape

28 August 2025 by
PseudoWire

Based on the latest report from Radware, here is a comprehensive breakdown of the most significant cybersecurity threats that defined 2024. The data paints a clear picture: attacks are not only more frequent but are also more sophisticated, fueled by geopolitical events, and powered by the rapid evolution of artificial intelligence. This analysis is designed for a deep read into the trends that are shaping our digital world.

The DDoS Threat Landscape

2024 was a landmark year for DDoS attacks, characterized by a dramatic escalation in both volume and complexity. The report highlights that the scope of DDoS attacks has expanded far beyond the capability of older, static protections, demanding dynamic defense strategies.

  • Web DDoS attacks surged by an astonishing 548% year-over-year compared to 2023. The intensity of these attacks grew exponentially in the first half of the year and plateaued at high levels in the second half, reflecting a sustained and aggressive threat environment. The report highlights extreme incidents, including a multi-day attack on a Middle Eastern financial institution that peaked at 14.7 million requests per second (RPS), and another that hit 16 million RPS against a major financial institution. These attacks demonstrated a clear shift toward high-intensity, application-layer threats that leverage vulnerabilities like HTTP/2 Rapid Reset.
  • Europe, the Middle East, and Africa (EMEA) were the primary targets for Web DDoS attacks, accounting for a massive 78% of global incidents. This activity was often linked to geopolitical tensions, including the Russia-Ukraine conflict, as well as a significant number of elections and international sporting events in the region.
  • Network DDoS attack volume increased by 120%, with attacks also becoming longer in duration. The average attack lasted over seven minutes, while "low and slow" attacks, a particularly insidious strategy designed to evade detection, increased by 38% and lasted an average of 9.7 hours in 2024, more than doubling their duration from the previous year. The report notes that UDP and DNS amplification attacks continued to dominate volumetric methods, with DNS amplification alone making up a staggering 65% of all amplification attacks.
  • The financial sector was a major target, experiencing a staggering 393% increase in network DDoS volume and accounting for 44% of L7 DNS attacks. Other heavily hit sectors included telecommunications (43% of total volume), technology (11%), transportation, e-commerce, and government services.
  • DDoS-for-hire services became a significant enabler of these attacks. These platforms lowered the barrier to entry for aspiring cybercriminals and were quick to weaponize new vulnerabilities, making sophisticated attacks accessible to a wider audience. The United States was identified as both the leading originator and target of network-layer traffic, reflecting a significant DDoS resource presence, with an analysis showing that the majority of attack volume for both the US and Israel originated domestically.

Web Application & API Threats

The focus of cyberattacks continued to shift from the network layer to the application layer in 2024, with attackers seeking to exploit vulnerabilities in business logic and APIs. This trend solidified as a "new norm," demanding a new approach to defense.

  • The overall volume of these attacks grew by 41%, with North America experiencing the majority of incidents (66%), highlighting a strong concentration of targeted applications in developed markets. This follows an even more substantial 171% increase in 2023, solidifying this trend as the new norm.
  • Vulnerability exploitation was the most common attack type, making up over a third of all malicious requests. Attackers are increasingly targeting business logic and core functionalities of applications and APIs, often emulating legitimate requests to go unnoticed and bypass traditional security measures.
  • The report emphasizes the critical threat of Shadow APIs (undocumented APIs) and Zombie APIs (outdated and unmaintained APIs). These unmanaged endpoints create significant security blind spots and serve as prime entry points for unauthorized access and data exfiltration, often remaining undetected for extended periods. Their proliferation is a direct result of the rapid pace of modern application development.
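
One way a defender can surface both kinds of unmanaged endpoint is to compare what actually answers in access logs against the documented API inventory. The sketch below is an added example, not taken from the Radware report: the inventory layout, the "retired" status label, the endpoint paths and the log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed inventory: (method, path template) -> lifecycle status.
# In practice this would be exported from an OpenAPI spec or API gateway.
INVENTORY = {
    ("GET", "/api/v2/accounts/{id}"): "active",
    ("POST", "/api/v2/payments"): "active",
    ("GET", "/api/v1/accounts/{id}"): "retired",   # superseded by v2
}

# Constructed access-log lines (common log format subset).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /api/v2/accounts/1842 HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /api/v2/payments HTTP/1.1" 201 88
198.51.100.23 - - [12/Mar/2024:10:02:11 +0000] "GET /api/v1/accounts/1842 HTTP/1.1" 200 530
198.51.100.23 - - [12/Mar/2024:10:02:12 +0000] "GET /api/v1/accounts/1843?full=1 HTTP/1.1" 200 530
192.0.2.55 - - [12/Mar/2024:10:03:40 +0000] "GET /api/internal/export/77 HTTP/1.1" 200 90211
192.0.2.55 - - [12/Mar/2024:10:03:41 +0000] "GET /api/internal/debug HTTP/1.1" 404 12
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}-[0-9a-fA-F-]{27})$")

def normalize(path):
    """Drop the query string and replace numeric/UUID segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def classify(log_text, inventory):
    """Return {'shadow': Counter, 'zombie': Counter} of endpoints that answered."""
    findings = {"shadow": Counter(), "zombie": Counter()}
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m or m["status"] == "404":
            continue  # unparsable line, or nothing is served at that path
        key = (m["method"], normalize(m["path"]))
        status = inventory.get(key)
        if status is None:
            findings["shadow"][key] += 1      # answers, but is not documented
        elif status != "active":
            findings["zombie"][key] += 1      # documented as retired, still answers
    return findings

if __name__ == "__main__":
    for kind, hits in classify(SAMPLE_LOG, INVENTORY).items():
        for (method, path), count in hits.most_common():
            print(f"{kind:6} {method} {path} ({count} requests)")
```

Endpoints that return 401 or 403 are deliberately kept in the results, since an authenticated route missing from the inventory is still a blind spot.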

The Rise of AI and Bad Bots

Artificial intelligence and automated bots were central to the evolution of cybercrime in 2024, making attacks more sophisticated and difficult to defend against. AI is now being weaponized both to mount advanced attacks and to lower the entry barrier for new criminals.

  • Bad bot activity increased by 35%, with malicious bots accounting for 71% of all bot traffic. These bots are responsible for a wide range of activities, including account takeover, fraud, and web scraping. Bad bot activity is consistently higher in the second half of the year, aligning with high-traffic periods like Black Friday and the holiday season.
  • The report highlights the emergence of sophisticated "grey bots" that aggressively scrape data from websites to train large-scale AI models without explicit permission. This raises new ethical and operational challenges for data owners, as the SEO landscape also evolves to prioritize content for AI processing.
  • AI is being used by criminals to create highly convincing phishing scams and deepfakes, making it increasingly difficult for organizations and individuals to distinguish between authentic and fraudulent communications. The World Economic Forum warned that this level of realism demands robust awareness training and multi-layered defenses.
  • AI-based hacking tools have lowered the barrier to entry, with a Bugcrowd study revealing that 77% of hackers now use generative AI tools, a significant increase from 64% the previous year. The advent of easily downloadable, pre-trained models like WormGPT and FraudGPT has made sophisticated attacks accessible to individuals with minimal technical expertise, democratizing offensive capabilities.
  • The report also touches on the threat of direct attacks on AI systems themselves. By manipulating training data or forcing AI systems into unexpected behaviors, attackers can degrade service reliability or generate flawed outputs, creating concerns about data integrity and brand reputation.

Hacktivism and Alliances

Hacktivism continued to be a powerful force, with groups showing unprecedented levels of coordination and utilizing social platforms for their campaigns.

  • Hacktivist activity remains a key driver of cyberattacks, with claimed DDoS attacks on Telegram increasing by 20% to over 15,000 unique claims in 2024.
  • Ukraine topped the list of targeted countries with over 2,000 claimed attacks, followed by Israel and the United States. Government institutions were the primary target, accounting for 20% of all hacktivist activity.
  • Pro-Russian groups like NoName057(16) were the most prolific, claiming over 4,700 attacks. They have been increasingly forming strategic alliances, including with pro-Palestinian groups to form coalitions like the "Holy League," to amplify their impact and launch multi-vector campaigns against shared adversaries. This shift from "lone wolf" to collaborative operations is a major new trend, boosting their operational effectiveness.
  • Telegram's role as a hub for hacktivism was highlighted. The platform faced increased scrutiny and moderation efforts following the arrest of its CEO, yet it remains vital for coordinating operations and for the proliferation of DDoS-as-a-service offerings that leverage its bot and cryptocurrency services.

