top of page
Search

2024's Threat Surge Isn’t “A Bad Year” — It’s the New Baseline (and Your Digital Strategy Needs to Admit That)

If your digital strategy still treats IT as an expense line to be reduced, or your MSP dominates that expense line offering exceptions over elusive value, and cybersecurity becomes a neglected “workstream” (something the security team does after the real work), Radware’s 2025 Global Threat Analysis Report is your rude awakening.


With comprehensive world wide discovery and research backing the report, 2024 didn’t just bring “more attacks.” It delivered an operational environment where disruption is industrialised, automated, and politically energised — and where the difference between surviving and failing publicly is whether your digital strategy is anchored by enduring, high-grade security design.



The signal is loud - DDoS went vertical

Web DDoS attacks weren’t up “a bit.” They rose 548.79% year-over-year compared to 2023, with the first half of 2024 surging 246.46% versus the latter half of 2023, then staying stubbornly high (another 33.42% lift in the second half versus the first).


And the attacks got bigger.

  • Attacks exceeding 1 million requests per second (RPS) were 4.4% of incidents in 2024 (up from <2% in 2023).

  • Attacks under 50,000 RPS dropped from 74% (2023) to 66% (2024).

  • The 100,000–500,000 RPS bracket grew to nearly 19% (up from 13%).


The integration of AI itself into cyber operations has introduced both opportunities and challenges. Threat actors have leveraged AI to enhance the sophistication of attacks, including the use of generative AI models to craft convincing phishing lures and develop malware. This evolution has lowered the barrier to entry for aspiring threat actors, made social engineering attacks more effective and helped seasoned threat actors more accurately identify system vulnerabilities.

Radware’s case examples are the kind of “Monday morning” that ruins quarters. A six-day campaign on a Middle East financial institution ran ten waves, 4–20 hours each, totalling 100 hours, averaging 4.5 million RPS and peaking at 14.7 million RPS — with legitimate traffic collapsing to 0.002% at worst (average 0.12%). Radware blocked over 1.25 trillion malicious requests while letting 1.5 billion legitimate ones through. Radware_Full_Year_Threat_Report…Another financial institution saw a peak of 16 million RPS, 6.5 billion total requests, in 16 minutes. Radware_Full_Year_Threat_Report…

Also: this isn’t “somewhere else’s problem.” EMEA accounted for 78% of global Web DDoS activity in 2024, with APAC at 8%. Radware_Full_Year_Threat_Report…


Network DDoS - fewer headlines, bigger pain

On the network side, the average number of attacks per customer only rose 3% in 2024 vs 2023 — but the volume per customer jumped 120%, and average duration increased 37% over 2023. Radware_Full_Year_Threat_Report…

Then there’s the nasty stealth category: “low and slow.” These events increased 38%, with an average duration of 9.7 hours (up from 4.6 hours). Radware_Full_Year_Threat_Report…

Your “average” customer experience here is sobering: in 2024 the average Radware customer mitigated 11.7TB across 10,963 attacks, involving 72,696 attack vectors — including 6,150 low-and-slow vectors averaging 9.7 hours each. (In 2023: 5.3TB, 10,602 attacks, 29,122 vectors, 4,452 low-and-slow at 4.6 hours.)


Technically, amplification is still the volume king: DNS and NTP amplification produced 92.4% of total network DDoS volume, with DNS amplification at 65% of amplification volume (NTP 27.4%, SSDP 5.31%, and the rest trailing). Radware_Full_Year_Threat_Report…

And yes — geography and industry matter. Europe represented 44.5% of global network DDoS volume (North America ~21%, Oceania 14%, Middle East 12%), while telecom absorbed 43% of global network DDoS volume and finance 30%. Radware_Full_Year_Threat_Report…


Hacktivism + Telegram = scalable disruption

Hacktivism didn’t fade — it organised. Claimed DDoS attacks on Telegram increased 20% year-on-year. Ukraine topped targets with 2,052 claimed attacks, and NoName057(16) alone posted 4,767 claims. Government institutions remained the primary target (representing 20% of hacktivist activity in 2024), followed by e-commerce/org websites (9%) and financial services (8.9%), with transportation and media/internet at 7% each, and manufacturing 6.9%. Radware_Full_Year_Threat_Report…

Telegram is not just “chat.” It’s operational infrastructure. In 2024 it fulfilled 900 U.S. government requests, sharing IP/phone data for 2,253 users — compared to just 14 requests affecting 108 users before September 30 (when sharing was limited to terrorism cases). Radware_Full_Year_Threat_Report…And Telegram’s bot automation + crypto payments have helped DDoS-as-a-service flourish, lowering the skill threshold to “can you click buttons and pay.” Radware_Full_Year_Threat_Report…


Web apps + APIs - the quiet front door that’s being kicked in

While DDoS smashes availability, web application and API attacks target compromise and extraction — and they’re accelerating: +41% in 2024 over 2023. Vulnerability exploitation made up one-third of malicious requests, with North America at 66% of these attacks and EMEA at 26%. Radware_Full_Year_Threat_Report…The report calls out shadow and zombie APIs as blind spots — undocumented or unmaintained endpoints that attackers love because defenders forget they exist. Radware_Full_Year_Threat_Report…


Bots and AI - your “traffic” is increasingly not human

Bad bot activity rose 35% in 2024 vs 2023 (after a 26% rise in 2023 vs 2022). Bad bots made up 71% of all bot traffic in 2024, with North America accounting for half of bad bot transactions. Radware_Full_Year_Threat_Report…And AI is pouring fuel on the fire: a Bugcrowd study found 71% of hackers felt AI boosted the “value” of hacking (up from 21% in 2023), and 77% used generative AI tools (up from 64%). Radware_Full_Year_Threat_Report…


So what does “enduring digital strategy” look like now?


A real digital strategy in 2026 isn’t a glossy roadmap — it’s an outcome based operating system that supports cyber resilience:


  1. Design for outcomes with attack as a constant - Functional transformation meets availability engineering, layered DDoS protection, autoscaling patterns that don’t bankrupt you, and tested “degrade gracefully” modes.


  2. Secure the app/API surface by default - API inventory (including shadow/zombie discovery), strong auth and IAM protocols - must do, schema validation, abuse detection, and business-logic protection (because attackers now emulate “legit” automation).


  3. Treat bots as a board-level fraud and IP issue - Bot management isn’t “marketing tech.” It’s revenue protection, brand protection, and data-asset protection.


  4. Operationalise threat reality - telemetry you actually use, runbooks, rehearsals, and an incident cadence that assumes weekends are not sacred.


Bottom line - 2024’s numbers, a year in lag with today's threats, are not a spike — they’re a map. If your digital strategy isn’t anchored in security architecture that assumes 14.7M–16M RPS web floods, 9.7-hour stealth drains, API abuse, and bot-heavy “traffic,” then you don’t have a strategy — you have a hope-and-pray document with formatting

Comments

bottom of page