The number of DDoS attacks more than doubled globally last year, according to the 2024 DDoS Threat Landscape report from Imperva.
Up by 111%, the attacks were driven largely by geopolitical tensions, Imperva said, with researchers observing notable surges in attacks on Ukraine, up by 519%, and Israel, where they rose by 118%.
In February, the year's most significant Layer 7 DDoS attack targeted an Indonesian gaming site with 4.7 million requests per second from 1,700 IPs in Canada, India, and the US.
Others included an attack against an online retail site in Romania measuring four million requests per second, and an attack on a Chinese entertainment site that lasted nearly five hours.
During the first half of 2024, researchers said the most targeted industries were financial Services and telecoms and ISPs. Together, they accounted for nearly 60% of all Layer 7 DDoS attacks.
"Cyber attacks against Internet Service Providers (ISPs) pose a serious and persistent threat to organizations and public authorities," the study noted.
"ISPs are considered national critical infrastructure, providing internet services to businesses and individuals to keep services online and the economy functioning. For these reasons, ISPs are a top target for cyber criminals intent on causing maximum disruption."
US remains the top target for DDoS attacks
The US remains the top target for DDoS attacks, accounting for nearly half of all application layer attacks in the first half of 2024, with Brazil, the UK, and Australia also hit hard.
Imperva warned it's also seen two new major application layer DDoS attack vectors.
HTTP/2 Rapid Reset is a relatively new type of attack, first seen in 2023, and allowing http clients to open a stream and cancel it immediately afterward. This, when done in large numbers, can overload the server.
The second, HTTP/2 Continuation Frame Attacks, exploit vulnerabilities in the HTTP/2 protocol by sending continuous streams of small, fragmented requests to overwhelm servers, allowing attackers to bypass traditional defenses and cause significant disruption with relatively low traffic volumes.
"The increase in these sophisticated attacks highlights the evolving threat landscape and the need for enhanced security measures to protect critical infrastructure," Imperva said.
Meanwhile, according to the report, DNS attacks have skyrocketed, increasing by 215%, with the average size of DNS amplification attacks increasing by 483%.
Accounting for only 6% of all network DDoS attacks in the first half of 2022, DNS DDoS attacks amounted to more than 21% of network DDoS attacks in the first half of 2024.
Looking ahead, Imperva warned organizations to be on the lookout for election-related DDoS attacks, Mirai botnet variants, and changes in hacking groups.
Similarly, the cybersecurity firm warned that the use of AI by threat actors is also accelerating both the frequency and scale of DDoS attacks.
"AI makes it easier for less-skilled attackers to exploit new vulnerabilities quickly. For instance, AI tools can automate the creation and deployment of sophisticated DDoS attacks, allowing even novice hackers to launch powerful attacks."
