- Companies fend off nearly 5,000 malicious events per month
- Most attacked industries: technology, healthcare, finance
- Resurgence of DDoS extortion and targeted burst campaigns mark Q2’s threat landscape
MAHWAH, N.J. July 29, 2021—Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced results from its Q2 2021 DDoS Attack Report. The report revealed that second quarter blocked DDoS attack volumes were up more than 40% compared to the same period in 2020. The report provides an overview of DDoS attack trends by industry, as well as across applications and attack types.
Notable Takeaways
- On average, a company had to detect and block nearly 5,000 malicious events and a volume of 2.3TB per month during the second quarter of 2021.
- During the second quarter of 2021, the average number of blocked malicious events per company was up more than 30% and the average blocked volume per company increased by more than 40% compared to the second quarter of 2020.
- During the first half of 2021, a company located in the Americas or Europe, the Middle East and Africa (EMEA) had to repel, on average, twice as much volume compared to a company located in in Asia-Pacific (APAC). The Americas and EMEA accounted for about 80% of the blocked attack volume during that same period.
“While large ransomware attacks are capturing headlines, there are other cyber threats that companies need to pay attention to,” said Pascal Geenens, director of threat intelligence for Radware. “From an increase in DDoS extortion campaigns and DDoS hit-and-run assaults, to a hacktivist group targeting financial organizations in the Middle East, the second quarter saw a concerning amount of cyber activity compared to the activity levels we saw during the same quarter last year. The results of this report should serve as a strong reminder to enterprises that no company is immune from being a target.”
Tech Topped Most Attacked Industries
According to Radware’s Q2 2021 DDoS Attack Report, the most attacked industry in the quarter was technology, with an average of almost 3,000 attacks per company, followed by healthcare (2,000 attacks per company) and finance (1,350 attacks per company). Attacks in retail, communications and telecommunications averaged between 600 and 1,000 per company. Gaming averaged more than 400 attacks per company, while an average of approximately 280 attacks targeted government and utility organizations. In terms of blocked volume, retail endured the highest volumes in the second quarter, followed by gaming, telecommunications and technology, which blocked the second, third and fourth highest volumes respectively.
Aggressive Burst Attacks Waged Against Tech and Finance Companies
Radware’s attack report also revealed there were notable burst attacks during the second quarter of 2021. These attacks targeted companies in finance and technology. These ‘hit-and-run’ DDoS assaults use repeated short bursts of high-volume attacks and were particularly aggressive in their amplitude (attack size) and frequency (number of bursts per unit of time). One attack showed multiple consistent 80Gbps bursts, lasting two to three minutes and repeating every four minutes. This resulted in 12 attack bursts of 80Gbps within a 45-minute timeframe.
Ransom Denial-of-Service Campaigns Resurge
The second quarter saw a renewed DDoS extortion campaign by an actor posing as Fancy Lazarus. By the end of May, Radware had numerous emergency onboardings of its cloud security services from organizations that received these ransom letters. Ransom denial-of-service (RDoS) attacks, in which the victim receives a letter with a demand to pay a ransom or become the target of a DDoS attack, have been a persistent component of the DDoS threat landscape since August of 2020.
Malicious Scanners Exploit Vulnerabilities
During the second quarter of 2021, companies, on average, blocked almost 2,000 scan events by unsolicited vulnerability scanners. According to the attack report, of those scans, 40% were performed by potentially malicious scanners looking to actively exploit known vulnerabilities and attack an organization. Vulnerability scanners are automated tools that allow organizations to check if their networks and applications have security weaknesses that could expose them to attacks.
“Organizations are being challenged by well organized threat actors,” Geenens said. “The window between the disclosing and weaponizing of new vulnerabilities is getting very slim. In some cases, we observed less than 24 hours between a manufacturer publishing a patch and malicious activity trying to exploit the vulnerability.”
Radware’s full Q2 DDoS Attack Report can be found here along with charts and graphics. The data for the report is based on a sample set of Radware devices deployed in Radware’s cloud scrubbing centers and on-premise managed devices in Radware hybrid and peak protection services.
About Radware
Radware® (NASDAQ: RDWR), is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.
©2021 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other countries. For more details please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE RADWARE SECURITY REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may” and “could.” For example, when we say that the results of this report should serve as a strong reminder to enterprises that no company is immune from being a target, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; risks and uncertainties relating to acquisitions or other investments; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; changes in government regulation; outages, interruptions or delays in hosting services or our internal network system; compliance with open source and third-party licenses; the risk that our intangible assets or goodwill may become impaired; our dependence on independent distributors to sell our products; long sales cycles for our solutions; changes in foreign currency exchange rates; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; changes in tax laws; our ability to realize our investment objectives for our cash and liquid investments; our ability to attract, train and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.