Radware H1 2023 Report: Malicious Web Application Transactions Skyrocket 500%

  • DoS attack patterns shift to layer 7, essential infrastructure and cloud-based operations
  • DNS Flood attacks surge
  • Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide

MAHWAH, N.J., Aug. 24, 2023 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its First Half 2023 Global Threat Analysis Report. The comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team. In addition, it draws from information found on Telegram, a public messaging platform often used by cybercriminals.

Radware’s director of threat intelligence Pascal Geenens commented, “The narrative for the threat landscape in 2023 is clear: a significant shift is taking place in Denial-of-Service attack patterns. The message to organizations is equally as clear: the focus now lies on proactively adapting to these evolving cyber threats.

“Increasing numbers of bad actors are moving up the network stack from layers 3 and 4 to layer 7 with their sights set on compromising online applications and APIs as well as essential infrastructure. To launch attacks with even greater impact, control, and scale, also look for them to continue a steady transition from compromised IoT devices to cloud-based operations.”

The global threat landscape continues to evolve at a rapid pace. In 2023, the profile of Denial-of-Service attacks is being redefined in terms of tactics, vector, size, complexity, and hacktivist offensives.

According to Radware’s attack activity during the first half of 2023:

  • Changing tactics: The number of malicious web application transactions skyrocketed by 500% compared to the first half of 2022, while the total number of DDoS events decreased 33%. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.
  • Surging vectors: There has been a considerable surge in DNS query floods. In the second quarter of 2023, the proportion of attacks featuring a DNS Flood vector climbed almost twofold compared to the ratio of attacks in 2021 and most of 2022.
  • Bigger attacks: The relative number of large attacks (greater than 100Gbps) rose sharply, increasing from 3.75x in 2022 to 10.5x in 2023, considerably outpacing the growth in small (less than 1Gbps) and mid-sized (1Gbps to 100Gbps) attacks.
  • Increasing complexity: The average complexity of attacks increased with attack size. Attacks above 1Gbps on average had more than two dissimilar attack vectors per attack, while attacks above 100Gbps had on average more than eight dissimilar attack vectors.
  • Escalating hacktivist offensives: NoName057(16) was the most active hacker group on Telegram, claiming 1459 DDoS attacks, followed by Anonymous Sudan with 660 attacks, and Team Insane PK with 588 attacks.

“Hacktivists are a major contributor to the dramatic increase in the volume and intensity of layer 7 attacks, and organizations across the globe are getting caught in the crosshairs,” continued Geenens. “The effectiveness of these attacks has been significantly amplified as hacktivists rally patriotic volunteers and provide them access to crowd-sourced botnets, custom attack tools, and detailed attack tutorials.”

According to attacks claimed by hacktivists on Telegram, politically motivated and religious groups waged multiple DDoS campaigns during the first half of 2023:

  • Geographic targets: Most of the hacktivist claimed DDoS attacks targeted India (674 attacks), followed by the United States (507 attacks), Israel (459 attacks), Ukraine (376 attacks), and Poland (297 attacks).
  • Website targets: Government (1112 attacks), business/economy (1036 attacks), and travel (628 attacks) websites faced the most hacktivists attacks, followed by financial services (420 attacks) and health/medicine (329 attacks).

Various regions across the globe emerged as DDoS hot spots. According to Radware’s attack activity during the first half of 2023:

  • EMEA shouldered the largest number of the DDoS attacks, blocking 66% of the attacks and facing 48% of the attack volume.
  • The Americas blocked 25% of the DDoS attacks. While the Americas blocked a smaller share of attacks compared to EMEA, the Americas experienced a threat level on par with EMEA bearing nearly equal attack volumes (47%).
  • The APAC region blocked 9% of the DDoS events and faced 5% of the global attack volume.

Radware’s global attack activity revealed that research and education bore almost a third (32%) of the DDoS attack volume, while service providers and technology accounted for 20% and 12%, respectively. On a regional basis, however, the distribution of DDoS attack volume varied.

During the first half of 2023:

  • In the Americas, service providers (39%) and research and education (38%) drew the majority of the DDoS attack volume, followed by healthcare (7%) and energy (6%).
  • In EMEA, technology (32%) experienced the biggest share of the DDoS attack volume, followed by gaming (15%) and telecom (15%).
  • In APAC, service providers (50%) bore the brunt of the DDoS attack volume, followed by retail (21%), gaming (9%), and transportation and logistics (6%).

While there was near linear growth in the number of web transactions per quarter in 2022, there was exponential growth in the first half of 2023.

According to Radware’s attack activity during the first six months of 2023:

  • The number of malicious web application transactions grew by a staggering 500% compared to the first half of 2022. The sharp rise underscores the significant shift in DDoS attack patterns as attacks increasingly progress to layer 7.
  • The most significant security violation was predictable resource location attacks (34%), followed by SQL (20%) and code injection attacks (10%), together generating 64% of total web application attack activity.
  • The most attacked industry was retail (36%), followed by carriers (11%) and SAAS providers (8%).

Radware’s complete First Half 2023 Global Threat Analysis Report can be downloaded here.

About Radware
Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

©2023 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.


Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say that increasing numbers of bad actors are moving up the network stack from layers 3 and 4 to layer 7, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; our ability to successfully implement our strategic initiative to accelerate our cloud business; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; risks and uncertainties relating to acquisitions or other investments; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; changes in government regulation; outages, interruptions, or delays in hosting services or our internal network system; compliance with open source and third-party licenses; the risk that our intangible assets or goodwill may become impaired; our dependence on independent distributors to sell our products; long sales cycles for our solutions; changes in foreign currency exchange rates; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; changes in tax laws; our ability to realize our investment objectives for our cash and liquid investments; our ability to attract, train, and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Media Contact:
Gerri Dyrek