
Radware Report: Malicious Web Application Attacks Climb 88%

by wrich

Other findings: Enterprises face increasingly “professional” attackers taking charge of the cloud  environment    

MAHWAH, N.J. March 10, 2022—Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today released its 2021-2022 Global Threat Analysis Report. The report findings underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020.

The unprecedented increase in web application attacks did not, however, prevent DDoS from  making a name for itself in 2021. The report details how last year saw multiple record-breaking  DDoS attacks and ransom denial-of-service (RDoS) earn its place in the threat landscape. At the  same time that big attacks were making headlines, the volume of micro floods, attacks which often go undetected, rose nearly 80% compared to 2020. 

“The statistics tell a story about bad actors. They are getting smarter, more organized, and more  targeted in pursuing their objectives — whether that be for money, fame, or a political cause,” said  Pascal Geenens, director of threat intelligence for Radware. “In addition, cybercriminals are shifting  their attack patterns — from leveraging larger attack vectors to combining multiple vectors in more  complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include  DDoS-for-hire actors, are working with a whole new level of professionalism and discipline — something that we have not seen before.” 

Radware’s 2021-2022 Global Threat Analysis Report reviews the most important cyber security  events in 2021 and provides detailed insights into DDoS and web application attack developments  as well as unsolicited network scanning trends. Key takeaways from the report include: 

  • Cloud-Scale DDoS Attacks are in the Forecast: As more businesses migrate critical resources  and applications to the public cloud, attackers are adapting their tactics and techniques to  match the scale of public cloud providers. While enterprises should not be immediately alarmed by reports of huge attacks, they do need to be aware that DDoS attacks are a part  of their threat landscape, irrespective of their geography or industry. Companies hosting  services in the public cloud need to be prepared for cloud-scale attacks. 
  • Ransom DoS (RDoS) Gangs Take Charge: In 2020, there was an uptick in DDoS attacks  against organizations that did not pay a ransom demand on time. In 2021, RDoS confirmed  its pervasive presence in the DDoS threat landscape with several campaigns. This included attacks targeting VoIP providers worldwide, which sparked concern for critical  infrastructure.
  • Ransomware Operators Turn to Triple Extortion: In 2021, more sophisticated and better  organized operators advanced their tactics, adding more extortion capabilities to their  arsenal. To bring reluctant victims back to the negotiating table, they launched triple  extortion campaigns by combining not only cryptolocking and data leaks, but also DDoS  attacks. As a result, the flourishing underground economy supported by ransomware  operators is seeing a new demand for DDoS-for-hire services.  
  • Micro Floods Make a Big Showing: While the number of large attack vectors (above 10Gbps) declined 5% between 2020 and 2021, micro floods (less than 1Gbps) and application-level attacks rose nearly 80%. By shrewdly combining a large number of micro floods over longer periods of time, attackers put organizations at greater risk of having to constantly increase infrastructure resources, such as bandwidth and network and server processing, until the service can become cost prohibitive.

Other key results from the 2021-2022 Global Threat Analysis Report include: 

DDoS Attacks 

In 2021, the number of malicious DDoS events increased by 37% per customer compared to 2020.  Europe, the Middle East, and Africa (EMEA) and the Americas each accounted for 40% of the attack  volume in 2021, while the Asia Pacific region accounted for 20%.  

Average DDoS attack volumes per customer grew by 26% in 2021 compared to 2020.

The top attacked industries in 2021 were gaming and retail, each accounting for 22% of the attack  volume on a normalized basis. These two industries were followed by the government (13%),  healthcare (12%), technology (9%), and finance (6%). 

Web Application Attacks 

The number of malicious web application requests grew 88% from 2020 to 2021. Broken access  control and injection attacks represented more than 75% of web application attacks.  

The most attacked industries in 2021 were banking and finance, along with SaaS providers,  together accounting for more than 28% of web application attacks. Retail and high-tech industries  ranked third and fourth, each with almost 12% of the web security events, followed by  manufacturing (9%), government (6%), carriers (6%), and transportation (5%). 

Radware’s complete 2021-2022 Global Threat Analysis Report can be downloaded here. The report  leverages intelligence provided by network and application attack activity sourced from Radware’s  Cloud and Managed Services, Global Deception Network, and threat research team. 

