DDoS attacks surge 364% in APAC, driven by AI & hacktivists

Techday NZ, 08-08-2025
Radware has reported a significant escalation in Distributed Denial of Service (DDoS) attack activity across the Asia-Pacific (APAC) region, with average attack volumes increasing by 364% compared to the previous year.
The data from Radware's threat intelligence research, which encompasses information from the company's cloud and managed services along with publicly available data from the Telegram messaging platform, provides a detailed overview of recent trends and targets in network and application-based cyberattacks.
Sharp escalation
According to the company, the frequency and intensity of DDoS incidents are outpacing previous years in the region. Kenichiro Sasaki, Country Manager for Radware in Japan, noted the changing landscape of threats facing organisations: "Across APAC, there has been a sharp escalation in the frequency and intensity of cyberattacks and DDoS incidents are leading the charge. Multiple catalysts are driving the threat revolution, including geopolitical conflicts, bigger and more complex threat surfaces, and more sophisticated and persistent threats. Add to that the impact of AI, which is lowering barriers to entry, and what you have is a highly dynamic threat environment that demands equally dynamic defense strategies."
The company's analysis reveals that, from 2023 to 2024, the average number of network DDoS attacks per customer increased by 72%. Service providers were the primary targets, receiving 55% of the attack volume, while the technology and gaming sectors followed with 21% and 11% respectively.
Network-layer and application-layer attacks
Network-layer DDoS attacks have increased threefold in average size during this period. Concurrently, Layer 7 (application-layer) DNS DDoS attacks have also grown considerably, with the number of DNS flood queries and malicious DNS volumes both rising by 93% over the previous year. The manufacturing sector was most impacted by these DNS flood activities, accounting for 43% of the malicious queries, while telecom and energy sectors comprised 40% and 14% respectively.
Radware's research indicates that the broadening digital infrastructure in APAC, coupled with persistent global tensions and the emergence of advanced AI capabilities, is increasing the region's susceptibility to a diverse range of cyber threats.
Hacktivist campaigns intensify
Hacktivist-led cyberattack campaigns have maintained their momentum globally and regionally, with targeted DDoS attacks surging in response to ongoing political and ideological unrest. Data gathered from Telegram indicates a 20% global rise in hacktivist-claimed attacks between 2023 and 2024.
Within APAC, India emerged as the most targeted country with 761 claimed attacks, followed by Indonesia with 614, Taiwan with 281, Thailand with 220, and Bangladesh with 188. The report identifies government institutions as the most commonly targeted group among hacktivists in the region, accounting for 17% of the activity. This was followed by the education sector at 12% and the finance sector at 9%.
The threat actor known as Executor DDoS was the most active in APAC, laying claim to 513 DDoS attacks. This was followed by RipperSec with 467 attacks and NoName057(16) with 362 attacks.
Industry perspectives
The findings reflect broader industry concerns regarding the increasing complexity of cyberattacks and the involvement of AI, which is perceived as lowering the technical barrier to entry for attackers and enabling more frequent and complex campaigns. As the threat landscape evolves, the need for adaptable and advanced defensive strategies is highlighted across affected sectors such as service providers, technology, gaming, manufacturing, telecoms, and energy.
Radware's intelligence underscores the ongoing challenges facing APAC organisations as they address the growing risks and implement strategies aimed at safeguarding their digital operations against a changing backdrop of cyber threats.
Related Articles

LevelBlue & Akamai launch managed service for web app security

Techday NZ, 2 days ago

LevelBlue and Akamai have announced a partnership to deliver new managed web application and API protection services designed to aid organisations in consolidating, simplifying, and scaling their security operations.
Service overview
The partnership introduces LevelBlue Managed Web Application and API Protection (WAAP), a security service built to provide adaptive, continuous protection to help mitigate risks and reduce the operational demands linked with securing web applications and APIs.
The service incorporates Akamai's App & API Protector technology, featuring web application firewall (WAF), distributed-denial-of-service (DDoS) mitigation, bot protection, and foundational API security. This technology is integrated with expertise from LevelBlue's dedicated WAAP Operations team.
Against a backdrop of expanding application deployment and usage of APIs, organisations worldwide are facing increased challenges. Research from Enterprise Strategy Group highlights that the average number of web applications per organisation is expected to rise from 145 to more than 200 over two years. The proportion of organisations with over half of their applications using APIs is forecasted to climb from 32% to 80% over the same period.
Challenges for security teams
Security teams are contending with several critical challenges, including the need to discover application and API deployments, scale protections appropriately, swiftly identify and mitigate attacks, and ensure that security measures do not detract from performance. Added to these obstacles are staff shortages and a proficiency gap, with half of midmarket organisations reporting it is harder to secure web apps and APIs than it was two years ago. Many seek external support and more straightforward, consolidated solutions as environments grow more complex.
LevelBlue Managed WAAP aims to tackle these requirements by delivering measurable outcomes in security and simplifying operational processes.
Industry perspectives
"Today, a surprising number of organisations rely on multiple tools that are not purpose-built for web application and API security - leading to complexity, silos, and rising costs," said Sundhar Annamalai, President of LevelBlue. "LevelBlue offers an alternative: proven services that consolidate and simplify protections with predictable investment. By combining LevelBlue's operational expertise with Akamai's proven technology, organisations can stay ahead of evolving threats and create cyber resilience for critical digital capabilities."
The service is available in two tiers, Essential and Advanced, giving organisations flexibility to select the level of support most suited to their requirements. Key features include:
  • Round-the-clock support and advisory from a fully operational team of WAAP specialists
  • Automatic identification and classification of web applications and APIs, with scalable protection prioritised for exposed or sensitive data-handling assets
  • AI-powered threat detection combined with global threat intelligence to identify anomalies and adapt to emerging attack vectors
  • Expert-led, automated policy management to improve efficiency, reduce false positives, and align with contemporary DevOps workflows
The prevalence and complexity of online threats continues to increase. In 2024, Akamai reported witnessing over 311 billion web application attacks, highlighting the need for robust protection as organisations accelerate digital adoption and AI-powered attacks become more sophisticated.
"In 2024 alone, Akamai saw over 311 billion web app attacks. As AI accelerates, threats are harder to spot, and security is tougher to control," said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. "Akamai and LevelBlue's partnership gives customers access to a trusted, reliable team that combines industry-leading technology with the deep operational expertise of one of the world's largest MSSPs. It's a powerful combination with a flexible solution that can fast-track organisations to resilient protection and compliance."

Quadruple extortion ransomware rises in Asia Pacific region

Techday NZ, 30-07-2025

The Akamai State of the Internet (SOTI) report has identified a shift in ransomware tactics in the Asia Pacific region, with quadruple extortion methods emerging alongside sustained use of double extortion techniques.
The report, titled "Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape," details how cybercriminals are incorporating an increasingly complex mix of threats and pressure on their victims. While double extortion ransomware, which involves encrypting a victim's data and threatening public release unless ransoms are paid, remains prevalent, the new quadruple extortion methods now include Distributed Denial of Service (DDoS) attacks and pressure exerted on customers, partners or the media to intensify the coercion.
Steve Winterfeld, Advisory CISO at Akamai, outlined the expanding risk landscape facing organisations. "Ransomware threats today are not just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond."
Ransomware accounted for a significant share of total data breaches in Asia Pacific in 2024, with the report warning that organisations must enhance cyberdefence strategies and test resilience capabilities in order to prevent major disruptions.
Regional impacts
According to the report, groups such as LockBit, BlackCat/ALPHV, and CL0P continue to pose major threats in the region, although newcomers Abyss Locker and Akira are growing in prevalence. These syndicates have prioritised critical sectors, with healthcare and legal services identified as primary targets.
High-profile incidents in recent months include the Abyss Locker breach, which resulted in the theft of 1.5TB of sensitive data from Australia's Nursing Home Foundation, and a USD $1.9 million extortion payout by a Singapore-based law firm following an Akira ransomware incident.
Emergence of hybrid actors
The report notes the growing activity from hybrid ransomware activist groups, some of which leverage ransomware-as-a-service (RaaS) to expand operational reach. Groups such as RansomHub, Play, and Anubis have been implicated in attacks on small and medium-sized enterprises, healthcare organisations, and educational institutions across Asia Pacific. Targets include an Australian in vitro fertilisation clinic and several medical practices affected by these syndicates.
Compliance complexity
A key theme highlighted is the increasingly complicated compliance landscape facing affected businesses. In Asia Pacific, uneven regulatory maturity and fragmented data protection laws have enabled cybercriminals to exploit gaps and delays in incident response.
The report outlines how non-compliance risks differ significantly, citing Singapore's Personal Data Protection Act (PDPA) – with fines up to 10% of annual revenue – compared to potential criminal penalties in India, and the lack of formal financial penalties in Japan. These variations create a patchwork of obligations that multinational firms must navigate whilst managing the onset of a ransomware crisis.
Zero Trust and defence strategies
The report urges organisations to focus on the adoption of Zero Trust architectures and microsegmentation in order to address the challenges of modern ransomware threats. Case studies include a regional consulting firm in Asia Pacific deploying software-defined microsegmentation, which facilitated restrictive access controls and limited the spread of an attack within its network.
Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai, commented on the regional context and the growing expectations on security teams. "Asia-Pacific's digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation. However, security teams are being challenged to keep up with a frequently expanding attack surface, and Ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centred around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware."
Global trends
On a global scale, the report identifies that the rise of generative artificial intelligence (GenAI) and large language models (LLMs) is accelerating both the frequency and sophistication of ransomware attacks by lowering the technical barriers for attackers. The use of ransomware-as-a-service is also broadening the base of active threat actors, with many campaigns motivated by political or ideological factors as well as financial gain.
The research highlights that almost half of the cryptomining attacks analysed targeted nonprofit and educational organisations, indicating resource constraints make these sectors a frequent target. Additionally, the Trickbot malware family, used extensively by ransomware operators, has enabled the extortion of USD $724 million in cryptocurrency from victims globally since 2016.
