Web DDoS attacks have surged globally by 265% during the first six months of this year compared to the second half of 2023, according to Radware’s H1 2024 Global Threat Analysis Report.

For those unfamiliar, Web DDoS Tsunami attacks are a new form of DDoS attack that specifically targets web applications and APIs. They are characterized by their high volume (plus evasion techniques to bypass traditional defenses), and their ability to quickly overwhelm various systems. These attacks are often launched by state-sponsored groups or organized cybercriminal organizations, which make them a huge threat to businesses and critical infrastructure.

One of the key features of Web DDoS Tsunami attacks is their ability to mimic legitimate traffic. Attackers use a variety of techniques to achieve this, such as randomizing HTTP methods, headers and cookies, and impersonating popular embedded third-party services. This makes it difficult for traditional security measures, such as firewalls and intrusion detection systems, to identify and block malicious traffic.

And the impact of a successful Web DDoS Tsunami attack can be devastating, to be sure. These attacks can disrupt business operations, damage brand reputation and even lead to financial losses.

As such, organizations need to be aware of the threat posed by these attacks and take steps to protect themselves. This includes implementing better security measures. In fact, one of Italy’s top banks made themselves aware of the threat and decided to turn to Radware, a company familiar with these attacks.

Based on the agreement, the financial institution will use Radware’s (News - Alert) end-to-end suite of network and application security and application delivery solutions. This includes Radware’s Cloud Application Protection and Cloud DDoS Protection Services as well as its Alteon application delivery controller with its Global Elastic License.

Radware's Cloud Application Protection Services provide agnostic application protection through the company’s web application firewall, bot detection and management, API protection, client-side protection and application-layer DDoS protection. The solutuion combines end-to-end automation, behavioral-based detection and 24/7 managed services, making it designed to offer organizations the highest level of application protection with the lowest level of false positives.

As for Radware’s Alteon application delivery controller, it offers comprehensive application protection via embedded web application firewall, bot management and API protection capabilities. It is designed to defend against a wide range of threats, including OWASP vulnerabilities, bad bots, zero-day and supply chain attacks and API assaults.

Accompanied by Radware’s GEL, companies allocate their application security services across any private or public cloud environment at a moment’s notice, without jeopardizing their initial investment.

“With the rise in Web DDoS attacks, many financial institutions are under pressure to reassess their cybersecurity frameworks and shore up their security measures,” said Yoav Gazelle, Radware’s Chief Business Officer. “Those who act early will be in the best position to manage these changes and protect their vital services. Radware’s AI-driven cloud security solutions are built to strengthen operational resilience and security postures by helping organizations automatically identify, mitigate, and adapt to evolving threats and disruptions.”

The bank’s decision to expand security services was also driven by stricter and changing regulatory controls. This includes the enforcement of the European Union’s new Digital Operational Resilience Act. The new regulation requires financial institutions and the third-party service providers that support them to advance their cybersecurity and operational processes by January 17, 2025, when enforcement begins.