Other findings: Enterprises face increasingly “professional” attackers taking charge of the cloud environment
Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today released its 2021-2022 Global Threat Analysis Report. The report findings underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020.
The unprecedented increase in web application attacks did not, however, prevent DDoS from making a name for itself in 2021. The report details how last year saw multiple record-breaking DDoS attacks and ransom denial-of-service (RDoS) earn its place in the threat landscape. At the same time that big attacks were making headlines, the volume of micro floods, attacks which often go undetected, rose nearly 80% compared to 2020.
“The statistics tell a story about bad actors. They are getting smarter, more organized, and more targeted in pursuing their objectives — whether that be for money, fame, or a political cause,” said Pascal Geenens, director of threat intelligence for Radware. “In addition, cybercriminals are shifting their attack patterns — from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline — something that we have not seen before.”
Radware’s 2021-2022 Global Threat Analysis Report reviews the most important cyber security events in 2021 and provides detailed insights into DDoS and web application attack developments as well as unsolicited network scanning trends. Key takeaways from the report include:
Cloud-Scale DDoS Attacks are in the Forecast: As more businesses migrate critical resources and applications to the public cloud, attackers are adapting their tactics and techniques to match the scale of public cloud providers. While enterprises should not be immediately alarmed by reports of huge attacks, they do need to be aware that DDoS attacks are a part of their threat landscape, irrespective of their geography or industry. Companies hosting services in the public cloud need to be prepared for cloud-scale attacks.
Ransom DoS (RDoS) Gangs Take Charge: In 2020, there was an uptick in DDoS attacks against organizations that did not pay a ransom demand on time. In 2021, RDoS confirmed its pervasive presence in the DDoS threat landscape with several campaigns. This included attacks targeting VoIP providers worldwide, which sparked concern for critical infrastructure.
Ransomware Operators Turn to Triple Extortion: In 2021, more sophisticated and better organized operators advanced their tactics, adding more extortion capabilities to their arsenal. To bring reluctant victims back to the negotiating table, they launched triple extortion campaigns by combining not only cryptolocking and data leaks, but also DDoS attacks. As a result, the flourishing underground economy supported by ransomware operators is seeing a new demand for DDoS-for-hire services.
Micro Floods Make a Big Showing: While the number of large attack vectors (above 10Gbps) declined 5% between 2020 and 2021, micro floods (less than 1Gbps) and application-level attacks rose nearly 80% higher. By shrewdly combining a large number of micro floods over longer periods of time, attackers put organizations at greater risk of having to constantly increase infrastructure resources, such as bandwidth, and network and server processing, until the service can become cost prohibitive.
Other key results from the 2021-2022 Global Threat Analysis Report include:
In 2021, the number of malicious DDoS events increased by 37% per customer compared to 2020. Europe, the Middle East, and Africa (EMEA) and the Americas each accounted for 40% of the attack volume in 2021, while the Asia Pacific region accounted for 20%.
Average 2021 DDoS attack volumes per customer grew by 26% in 2021 compared to 2020.
The top attacked industries in 2021 were gaming and retail, each accounting for 22% of the attack volume on a normalized basis. These two industries were followed by the government (13%), healthcare (12%), technology (9%), and finance (6%).
Web Application Attacks
The number of malicious web application requests grew 88% from 2020 to 2021. Broken access control and injection attacks represented more than 75% of web application attacks.
The most attacked industries in 2021 were banking and finance, along with SaaS providers, together accounting for more than 28% of web application attacks. Retail and high-tech industries ranked third and fourth, each with almost 12% of the web security events, followed by manufacturing (9%), government (6%), carriers (6%), and transportation (5%).
Radware’s complete 2021-2022 Global Threat Analysis Report can be downloaded here. The report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat research team.
Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.
©2022 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE RADWARE GLOBAL THREAT ANALYSIS REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say that attackers are combining multiple vectors in more complex-to-mitigate campaigns and that ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with whole new level of professionalism, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; our ability to successfully implement our strategic initiative to accelerate our cloud business; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; risks and uncertainties relating to acquisitions or other investments; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; changes in government regulation; outages, interruptions, or delays in hosting services or our internal network system; compliance with open source and third-party licenses; the risk that our intangible assets or goodwill may become impaired; our dependence on independent distributors to sell our products; long sales cycles for our solutions; changes in foreign currency exchange rates; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; changes in tax laws; our ability to realize our investment objectives for our cash and liquid investments; our ability to attract, train, and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.