Radware report shows DDoS and web app security application attacks rising sharply

Radware’s Q3 DDoS and Application Attack Report discloses that blocked DDoS events rose by 75 percent in the first nine months of 2021 compared to 2020, while blocked web application security events doubled every quarter in 2021.

Web application security violations align with the OWASP Foundation’s new 2021 top 10 list, while sectors suffering the most DDoS attacks were technology, healthcare and communications.


The report provides an overview of the DDoS attack landscape, application attack developments, and unsolicited network scanning trends. The data for the report analysesnetwork and application attack activity sourced from Radware’s cloud and managedservices, and Radware’s Global Deception Network.


“More DDoS attacks were blocked during the first nine months of 2021 than all of 2020,” said Pascal Geenens, director of threat intelligence for Radware.


“During the third quarter, DDoS records for large volumetric attacks were broken acrossthree continents. At the same time, phantom floods, or micro attacks that typically flybelow the radar, increased. The reality is that organisations need more granulardetection and multi-layer defences to protect against stealthier and more complex DDoSattacks.”


DDoS attacks rise


Yearly trends:   The number of malicious events blocked by Radware’s DDoS mitigationsolution was up 75 percent during the first nine months of 2021 compared to the sameperiod in 2020. And the total volume blocked in the first nine months of 2021 was 44 percenthigher than the same period in 2020.


Quarterly trends:  Although the total number of events per company for the third quarterwas slightly below previous quarters in 2021, the number stayed above the highestquarterly level recorded in 2020.


Industry trends:  The most attacked industry in the third quarter was technology, with anaverage of 2,638 attacks per company, followed by healthcare (1,785 attacks per company),communications (1,525 attacks per company), and finance (1,337 attacks per company).


Web application attacks double


Yearly trends:  Web application attacks based on known vulnerabilities and techniques areramping up quickly. The number of blocked web security events per company doubledevery quarter for the first three quarters of 2021.


Quarterly trends:  The third quarter of 2021 accounted for 2.1 million blocked security eventsper company per quarter, or an average of 700,000 blocked security events per month percompany.


Predictable resource location attacks, the most important security violation in the thirdquarter, was witnessed twice as often as SQL injection, the second-most violation,followed by code injection attacks and cross-site scripting attacks. The top twoviolations reported in the third quarter are aligned with the top web application securityconcerns as reported in the OWASP Foundation’s recently published 2021 top 10 list.


Industry trends:  In the third quarter of 2021, the most attacked industry was banking and finance, which accounted for almost 23% of blocked web security events, followed bygovernment (16%), technology (15%), and retail and wholesale trading (12%).


Unsolicited network scanning and attack activity surges


Quarterly trends:  Third quarter unsolicited scanning activity as recorded by Radware’sGlobal Deception Network peaked at 27 million events per day, representing the secondhighest level during 2021.


According to Geenens, “Network scanning and attack activity was marked byopportunistic and random scanning that constitutes a large part of the vulnerability andexploit threat landscape.


“Malicious actors continuously leverage old and freshly disclosed vulnerabilities such asremote command execution and command injection exploits that are easy to integrateinto existing malware and exploit tools. Along with the evolution in cloud resources andservices, there is no more hiding on the internet. Every deep corner of the internet getsinventoried in convenient IoT search engines.”


Radware’s complete Q3 DDoS and Application Attack Report can be downloaded  here.