DDoS Attacks Are on The Rise – Organisations Must Bolster Defences
Imperva, a Thales company (@Imperva), the cybersecurity leader that protects critical applications, APIs, and data anywhere at scale, warns that as the volume of DDoS attacks continues to grow, organisations must take steps to put in place robust security measures.
Findings on the DDoS Threat Landscape Report
Key findings from the newly launched 2024 Imperva DDoS Threat Landscape Report include:
- Mitigated DDoS Attacks increased 111%: In the first half of 2024, Imperva mitigated 111% more DDoS attacks compared to the same period in
- The largest Application Layer DDoS Attack: In February 2024, an application layer DDoS attack reached an unprecedented 7 million Requests Per Second (RPS).
- DNS amplification attacks are growing: The average DNS Amplification attack bandwidth increased by 483% in the second half of
DDoS attacks remain a favoured weapon of cyber criminals due to their disruptive potential. These attacks overwhelm networks, servers, and applications with excessive traffic, leading to service outages and significant disruptions.
Despite being a longstanding threat, the volume and sophistication of DDoS attacks are still on the rise. One major factor behind this increase is the easy access to DDoS tools.
Automation has made it possible for individuals with limited technical expertise to launch substantial attacks. This democratisation has expanded the pool of potential attackers, making it more critical than ever for organisations to strengthen their defences.
From this region, Australia (5.2%), Singapore (2.9%), and Japan (2.5%) are among the top targeted countries for Application Layer DDoS attacks.
By industry, not only is the financial sector the number one target for DDoS attackers, but it is also the target of the most powerful DDoS attacks in terms of Requests per Second (RPS).
Cyber assailants were also observed targeting DDoS attacks on high-value targets where the potential gains are largest. Attacks on the financial services sector reached a combined RPS of 118 million in H1 2024, with the Business and IT sectors taking second and third place respectively.
Comparing H1 2024 with the same period last year, there has been a clear increase in DDoS attacks across several industries. The Telecom and ISP industry experienced the highest year-over-year growth, with a 548% increase in Application Layer DDoS attacks. Healthcare saw a 236% increase, and the Gaming industry witnessed a rise in attacks of 208%.
“We expect the number and intensity of DDoS attacks to continue climbing, largely due to AI lowering the attack barrier,” said Daniel Toh, Chief Solutions Architect, APJ at Imperva. “AI can automate the creation and deployment of sophisticated DDoS attacks, enabling even novice hackers to launch powerful assaults. In the foreseeable future, we anticipate more DDoS attacks powered by AI-enhanced botnets, including potential new variants of Mirai.”
According to Toh, organisations must implement active ‘always-on’ DDoS protection or, at a minimum, an ‘on-demand’ DDoS protection in place. Ideally, these protections should be backed by an elastic cloud-based service capable of handling large volumetric attacks. The DDoS protection provider should have a global presence and the capacity to mitigate high-volume and sophisticated attacks, secure applications and data, and protect beyond just DDoS and the network edge.
For best practices, organisations need to enhance cybersecurity awareness among employees and users through education and maintain open communication between security and networking teams. Additionally, the application code must be written securely from the outset.