
Cyberattacks escalated significantly in 2024, with web distributed denial-of-service (DDoS) attacks rising by 550% year-over-year, according to Radware’s 2025 Global Threat Analysis Report. The surge has been attributed to geopolitical conflicts, the growing complexity of digital infrastructure, and the increasing use of AI-driven attack tools.
The findings, based on Radware’s analysis of network and application attack data from its cloud and managed services, highlight the expanding cyber threat landscape. Intelligence from cybercriminal activity on Telegram, a platform frequently used for illicit coordination, was also factored into the report.
“Multiple catalysts drove the threat revolution witnessed in 2024, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats,” said Radware’s threat intelligence director Pascal Geenens. “Add to that the impact of AI, which is lowering barriers to entry, multiplying the number of adversaries and enabling even novice actors to successfully launch malicious campaigns, and what you have is a threat landscape that looks very daunting.”
Geopolitical tensions and hacktivist activity drive attack surge
Hacktivist activity linked to geopolitical tensions has intensified web-based DDoS attacks, with the Europe, Middle East, and Africa (EMEA) region accounting for 78% of global incidents. The growing availability of advanced attack tools has enabled cybercriminal groups to launch more sophisticated and prolonged disruptions.
Network-layer DDoS attacks have also seen a significant escalation in both volume and duration, reflecting a broader trend of more aggressive cyber tactics. The average mitigated attack volume increased by 120% year-over-year, while the average duration of attacks grew by 37%. European organisations experienced the most significant impact, facing 45% of global network DDoS activity, followed by North America at 21%.
Industries facing the highest number of attacks included telecommunications, which accounted for 43% of global network DDoS incidents, and finance, which saw 30% of attacks. The financial sector recorded the steepest growth in attack volume, experiencing a 393% increase year-over-year, with transportation and logistics (375%), e-commerce (238%), and service providers (237%) also reporting significant spikes.
Application-layer (L7) DNS DDoS attacks have intensified, marking a shift in cybercriminal tactics. The report revealed an 87% year-over-year increase in DNS flood queries, pointing to a growing reliance on sophisticated attack methods. The financial sector was the primary target, accounting for 44% of total L7 DNS attacks, while healthcare (13%), telecommunications (10%), and communications (8%) were also heavily impacted.
Politically and ideologically motivated cyberattacks have continued to rise, with hacktivist campaigns becoming more widespread. Data gathered from Telegram in 2024 indicated a 20% increase in the total number of claimed DDoS attacks compared to 2023.
Ukraine remained the most frequently targeted nation, recording 2,052 claimed DDoS incidents, followed by Israel with 1,550 attacks. The US also saw a rise in attacks, particularly from DDoS-as-a-service operators. Government institutions were the most common targets, accounting for 20% of hacktivist attacks, followed by business services (9%), finance (9%), and transportation (7%).
Among the most active cybercriminal groups, the pro-Russian hacker collective NoName057(16) emerged as the most prolific, claiming responsibility for 4,767 DDoS attacks. Other notable groups included RipperSec (1,388 attacks), Executor DDoS (1,002 attacks), and the Cyber Army of Russia Reborn (716 attacks).
As organisations expand their digital footprints, web applications and APIs have become primary targets for cybercriminals. Attackers have exploited vulnerabilities in these systems, leading to a 41% year-over-year increase in web application and API attacks.
Vulnerability exploitation was the most frequently used attack method, making up more than one-third of all malicious requests. North America experienced 66% of all web application and API attacks, followed by EMEA at 26%.
Last month, Cloudflare disclosed that its autonomous defence systems blocked 21.3 million DDoS attacks in 2024, representing a 53% increase compared to the previous year. According to the company’s 20th DDoS Threat Report, the average mitigation rate stood at 4,870 attacks per hour, with a significant rise in hyper-volumetric attacks, which are designed to overwhelm network infrastructure with massive traffic surges.