Resource Center
Learn More About Continuous DDoS Vulnerability Management
DDoS Threat Landscape Report, Q2 2024
DDoS Attacks December 2023
DDoS Attacks November 2023
DDoS Attacks October 2023
DDoS Attacks September 2023
DDoS Attacks August 2023
MazeBolt – DDoS Threats – Q3 2023
DDoS Attacks July 2023
DDoS Attacks June 2023
DDoS Attacks May 2023
DDoS Attacks April 2023
DDoS Attacks March 2023
DDoS Attacks February 2023
DDoS Attacks January 2023
DDoS Attacks December 2022
DDoS Attacks November 2022
October: DDoS Attack Round Up
September: DDoS Attack Round Up
International Bank Chooses RADAR™ to Prevent Damaging DDoS Attacks
Government Secures Parliamentary Elections
From 50% to Less Than 15% DDoS Risk
Gamer Maintains Business Continuity
Bank Meets EU’s DORA Regulations
Enhance Microsoft Azure DDoS Protection with MazeBolt RADAR
MazeBolt RADAR™ vs. Traditional DDoS Testing
Supporting DORA Readiness
Preferred Remediation Technology Alliance
MazeBolt – RADAR for Partners
MazeBolt – RADAR™ Overview
What Most DDoS Protection Vendors Don’t Want You to Know
Cyber Awareness for Kids: Cyber Heroes and the DDoS Defense
Maintaining Business Continuity with Gartner® CTEM
The DDoS Handbook for CISOs and Security Leaders
A Comprehensive Guide to SEC Cyber Risk Management
A Guide to DORA Readiness for Financial Services
Top 10 DDoS Attacks That Can Bring Down Your Business
The Essential Guide to Optimizing your DDoS Protection
Damaging DDoS Downtime: Who Is at Risk?
3 New Approaches DDoS to Vulnerability Management
Infographic: Put Business Continuity First with CTEM
Infographic: DDoS Vulnerability Management
Infographic: Time is Running Out! DORA Enforcement Starts January 2025
Infographic: DDoS Testing Vs. DDoS RADAR™ Testing
Infographic: Battling DDoS In The Gaming World
DDoS Attack on Governments 2021
Frost & Sullivan Report: Ongoing Vulnerability Testing for DDoS Protection
Ensuring Business Continuity in the Face of DDoS Threats
The State of DDoS Mitigation
Which Threat Actors are Behind DDoS Attacks on Democratic Elections?
Introducing DDoS Vulnerability Management for Azure DDoS Protection with MazeBolt
The Problem of DDoS Attacks and the Vulnerabilities That Won’t Go Away
Non-Disruptive, Full-Coverage DDoS Testing with Zero Downtime
Greece as an Example: DDoS Attacks Can Cost Lives
Webinar: Zero Trust & DDoS | New Policies, Best Practices & How To Implement Them
RADAR™ Distributed Denial of Service Protection
Attack Round-ups
2025
DDoS Trends Report
Predictions Based on MazeBolt Research into DDoS Attacks
Executive Summary
Why does the risk of Distributed Denial-of-Service (DDoS) attacks continue to rise?
DDoS attacks surged almost a third (30%) in the first half of 2024 compared to the same period in the previous year. Moreover, DDoS attacks on critical infrastructure increased by 55% in the last four years.
Hacktivist groups motivated by political and ideological agendas are driving the current growth in DDoS attacks. Moreover, today’s DDoS attacks may utilize advanced botnets to implement sophisticated attack methods that ensure that they are harder to detect and neutralize.
As the DDoS risk increases, awareness of why DDoS attacks persist is a key challenge. Security leaders need to promote an understanding that the main reason DDoS attacks still succeed is due to the existence of unidentified DDoS vulnerabilities. Therefore, the only way to mitigate the risk of attack is through a process of continuous testing, vulnerability identification, timely remediation, and validation.
This type of ongoing, proactive approach is crucial to maintaining DDoS resilience and supporting the business continuity of online services.
This report provides insight into MazeBolt’s DDoS predictions for 2025, based on our own research and reports in the media during 2024.
DDoS Attack Trends for 2025
Based on MazeBolt’s internal and market research, we can expect to see the following DDoS attack trends continuing throughout 2025:
Threat to Democratic Elections
Politically motivated hackers can be expected to continue targeting countries undergoing election cycles. The attacks are likely to be both in the months leading up to elections as well as after the polls have opened. These types of attacks may be successful in causing downtime of electoral websites and infrastructure, and they can undermine the public confidence in election results.
Greater Enforcement of Compliance Requirements
Companies will continue to invest in adapting their cybersecurity processes to meet the more stringent regulations that came into effect recently, avoid stiff fines.
In-Depth Reporting
Companies will need to provide in-depth, timely DDoS resilience and attack reports, to meet the regulations, and this will create a greater need for the ongoing visibility and
Companies will need to provide in-depth, timely DDoS resilience and attack reports, to meet the regulations, and this will create a greater need for the ongoing visibility and attack prevention capabilities provided by continuous DDoS vulnerability testing.
attack prevention capabilities provided by continuous DDoS vulnerability testing.
Industries at Greater Risk
Companies in the industries of banking and financial services, insurance, healthcare, and transportation are expected to continue being targeted more than other industries throughout 2025.
DDoS-for-Hire Services
DDoS-for-Hire gives less technically proficient threat actors an easy way into the hacking industry, by making it easier to launch DDoS attacks. The increase in DDoS-for-Hire tools is particularly notable in Asia and is connected to the rising risk of DDoS attacks across multiple sectors. DDoS-for-Hire gives users the ability to carry out an unwarranted performance, on a network.
2024 DDoS Attack Analysis
A closer look at recently reported DDoS attacks shows that new DDoS attack techniques and emerging vulnerabilities are creating significant challenges for organizations that are trying to protect their digital services. Here are the most significant attack trends that emerged based on the data from recent DDoS attacks.
The Threat to Democratic Elections
2024 was a landmark year in electoral politics, with 50 countries plus the European Union – representing a total of over 2 billion voters – holding elections. Politically motivated DDoS attacks took place in countries in the months leading up to elections as well as after the polls opened.
In some cases, the DDoS attacks were successful in disrupting critical election infrastructure, causing downtime, and undermining the confidence of the public in the reliability of election results. DDoS attacks peaked around critical dates, indicating a coordinated effort to disrupt electoral processes.
Funding for the work of the threat actors, including both criminal groups and hacktivists, allegedly was provided by nation-states.
Examples of DDoS attacks during election cycles include:
US
What is a DDoS Attack? Elon Musk Claims Cyberattack Delayed Trump Interview
France
First Round of French Election: Party Attacks and a Modest Traffic Dip
Venezuela
Venezuela’s Election as seen in Cyberspace
More Stringent Compliance Regulations
With the DORA and NIS2 Directive regulations in the EU, and new SEC regulations in the US, 2024 has seen a significant shift in the stringency of DDoS testing. One of the key aspects of the regulations involves more in-depth, transparent, and timely reporting requirements – and continuous DDoS testing is essential to complying with these requirements.
Enterprises doing business in Europe and the US must enhance their cybersecurity processes to meet the new regulations and avoid hefty fines. The DORA regulations, for example, are based on the following five pillars:
High-Profile Arrests of Perpetrators of DDoS Attacks
Law enforcement officials are also making the headlines – with a number of instnaces in which the authorities have taken steps to detain groups responsible for high-profile DDoS attacks. In some cases, the arrest led to a new rash of DDoS attacks in response. For example, after the arrest of Telegram’s CEO Pavel Durov, several hacking groups launched a #FreeDurov DDoS campaign against online services in France. Here are some of the stories covered in the media:
US
France
Telegram’s CEO & Founder Durov Under Arrest: Cybercriminals React
UK
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in UK
Spain
Spanish Police Arrest Three Suspects Linked to Pro-Moscow NoName057(16) Hackers
Japan
International Investigation of DDoS Leads to Oita Man’s Arrest
Cambodia
Anti-government Hackers Arrested After Attacks on Cambodian Official Websites
A Shift in DDoS Public Awareness?
DDoS attacks on big name brands such as Disney+ in France, KFC in Italy, and Starbucks in the US were discussed in online forums and on social media. While these attacks were not confirmed publicly as DDoS attacks, the headlines associating them with DDoS are indicative of an increase in public awareness of DDoS dangers.
Top DDoS Targets: Breakdown by Industry
The following industries were the worst hit by DDoS attacks:
Finance
Disrupted online services and availability,
causing financial
and reputational damages
Healthcare
Targeted the patient management systems and telemedicine platforms used by healthcare providers
Government
Often coincided with political events; aimed to erode public trust and disrupt administrative functions
Transportation
Disrupt airlines and railway booking systems; exposed or blocked access to sensitive data; and impacted supply chains
While many organizations try to hide cyber breaches, the information that did become public made it clear that the most frequently attacked organizations provide financial services.
These include banks, payment processors, and other financial organizations. After financial services, the industries most targeted include healthcare, government organizations, and transportation.
The Most Prevalent Types of DDoS Attacks
The impact of a DDoS attack depends on several factors, including the scale of an attack, the nature of the attack, and the ability of the target system to handle the attack. While the frequency of DDoS attacks continues to rise, the attacks are also evolving in complexity and scale. For example, sophisticated DDoS attack methods are being implemented by advanced botnets such as the botnet malware family Gorilla.
In recent months, a marked increase has been seen specifically in the following types of DDoS attacks:
A Growing Threat: DDoS-for-Hire Services
Typically, DDoS attacks were carried out by highly skilled hackers with access to large networks of compromised devices, often referred to as botnets. With the rise of the commercialization of cybercrime, a new and concerning trend has emerged: DDoS as a Service (DDoSaaS). This trend significantly lowers the barrier to entry for launching powerful DDoS attacks. It is a model that allows individuals with limited technical skills to utilize botnet infrastructure and launch attacks against targets of their choice.
Greater Accessibility
DDoSaaS platforms are available on the dark web – as well as through “legitimate” channels on the open internet, where they are marketed as “stress testing” services. (By masquerading as legitimate services, they can be sold on the open internet). “Legitimate” channels include Telegram Channels, DDoS-for-Hire Forums and API-based DDoS Platforms.
These services provide simple, web-based dashboards and interfaces, allowing users to easily configure and launch attacks without requiring in-depth technical knowledge.
Users can usually select from various DDoS attack types, including volumetric floods, protocol attacks, and application layer attacks.
Greater Affordability
Services are typically offered through tiered subscription plans, with prices ranging from as low as $10 (on sale!) to $500 per month. Pricing often depends on factors like attack duration, volume, frequency, and the number of concurrent targets.
Most platforms accept easy-to-use payment methods such as cryptocurrency payments – particularly Bitcoin, for anonymity. Some services even accept PayPal and other payment methods.
More Effective
DDoSaaS providers maintain networks of compromised devices (frequently called botnets) to carry out attacks. These botnets can sometimes generate very high traffic volumes.
Many of these services utilize reflection and amplification methods to increase attack power and effectiveness.
Most platforms offer features to hide users’ identities, like not tracking IP addresses and encouraging VPN/Tor network usage.
Providers Operate Like Legitimate Businesses
Many DDoSaaS providers offer customer support, tiered service packages, and performance guarantees. Some even offer Service Level Agreements (SLAs) and refunds if an attack doesn’t achieve the desired outcome.
Beyond DDoS, some platforms offer other malicious tools like IP trackers or credential stuffing services.
DDoSaaS is Contributing to a Notable Surge in DDoS Attacks
The proliferation of DDoSaaS has democratized cyberattacks, making them accessible to anyone with malicious intent and a modest budget. As a result, organizations must be more vigilant than ever, adopting proactive cybersecurity measures. Businesses can reduce the risk of downtime, protect their reputation, and ensure the continuity of their operations by:
- Understanding the mechanics of DDoSaaS
- Implementing robust defenses
- Continuously testing for DDoS vulnerabilities
DDoSaaS is not just a passing fad. It’s a growing business that has solidified its place in the cybercrime ecosystem. The best defense is to be proactive, continuously test for vulnerabilities, and adapt to the changing threat landscape.
Drill-Down: Top Attacks
The tables below provide insight into DDoS attacks published in the media during the third quarter of 2024. See also MazeBolt’s attack reports for Q1 and Q2.
July
August
September
Key Takeaways
Even with the best DDoS protections in place, the MazeBolt research team has found out, on average, 37% of an organization’s DDoS attack surface still remains vulnerable to DDoS attacks. This is because, over time, changes in IT systems and online services lead to security policy drift that results in DDoS vulnerabilities and misconfigurations, which leave organizations unprotected.
Shifts in the DDoS attack landscape that were particularly noteworthy this year included:
- The growing number of attacks disrupting elections
- New and more stringent compliance regulations that went into effect (NIS2, DORA)
- Greater public awareness of DDoS – in response to both the headlines around high-profile arrests of perpetrators of DDoS attacks, and several alleged DDoS attacks on big name brands
- Increased adoption of the business model known as DDoS-for-Hire services
Protecting organizations from damaging DDoS attacks – and thereby strengthening the business continuity of online services – requires:
Continuous
DDoS Testing
Sharpening of Operational Resilience
Transparency
and Reporting
Regulatory
Compliance
About MazeBolt
MazeBolt RADAR™ is a patented DDoS Vulnerability Management solution. Using thousands of non-disruptive DDoS simulations and without affecting online services, it can identify and enable the remediation of vulnerabilities in deployed DDoS defenses. RADAR™ enables organizations and governments to maintain the uninterrupted business continuity of online services. Using RADAR’s patented vulnerability simulation technology, enterprises have unparalleled visibility into their DDoS protection solutions so they can be confident that damaging DDoS attacks can be prevented – before they happen.
Read more at: https://www.mazebolt.com
Case Studies
Banking
International Bank Chooses RADAR™ to Prevent Damaging DDoS Attacks
The Customer
A large, international bank operating in Europe and the US was facing repetitive DDoS attacks and downtime of critical online banking and third-party financial services.
Key Takeaways
Customer Challenges
- Recurring DDoS downtime
- Lost revenue, due to the disruption of business operations
- High risk of customer churn
Our Impact
- Elimination of damaging DDoS downtime
- Lower DDoS vulnerability level – from 57% to under 5%
- Reduction of the cost of cyber insurance
The Challenge
Ongoing DDoS attacks created the following challenges:
- Unavailability of critical, customer-facing services, including online and mobile banking, and proprietary trading platforms
- Inaccessibility of third-party, connected applications (such as loan and payment apps)
- Interruption to VPN connectivity, creating issues for employees and remote branches
- Risk to open banking initiatives due to API vulnerabilities
Our Solution
RADAR’s nondisruptive DDoS attack simulation solution was deployed in the bank’s primary data centers. RADAR identified vulnerabilities in the scrubbing center, CPE, and WAF protection layers.
First, RADAR identified the following DDoS vulnerabilities in the bank’s deployed protection technologies:
- 57% DDoS vulnerability level – across layers 3, 4, and 7
- Automated DDoS protection that was only 43% effective
- DDoS protection policies that were not customized, leaving the bank exposed.
Working with MazeBolt’s Professional Services team, the bank was able to gain critical visibility into its DDoS protection misconfigurations and vulnerabilities – per security layer.
Next, RADAR provided the bank with a prioritized report of identified vulnerabilities. MazeBolt’s actionable remediation plan continues to be generated automatically after each cycle of RADAR attack simulations. This enables MazeBolt’s team to focus on the attack vectors that present the greatest risk to the bank’s environment, including: sophisticated Layer 7 attacks, Slowloris, UDP, and DNS attack vectors.
Customer Benefits
Since the bank started working with RADAR, all DDOS attacks have been mitigated automatically without without any damaging downtime.
Additional benefits include:
- Improvement of automated DDoS protection by over 120% (from 43% to over 95%), enabling the bank to avoid disruption of business operations
- Reduction in cyber insurance costs
- Drop in the bank’s DDoS vulnerability level – from 57% to less than 5%
- RADAR-generated reports that are key to the bank’s compliance with cybersecurity regulations
MazeBolt’s actionable remediation plan continues to be generated automatically after each cycle of RADAR attack simulations. This enables MazeBolt’s team to focus on the attack vectors that present the greatest risk to the bank’s environment, including: sophisticated Layer 7 attacks, Slowloris, UDP, and DNS attack vectors.
– CISO, International Bank
Insurance
Avoiding Damaging DDoS Downtime
In less than 6 months, MazeBolt RADAR™ identified and remediated over 93% of DDoS vulnerabilities for a major insurance company.
The Customer
The customer is a leading insurance company catering to a customer base of over 4 million, with yearly revenues of over $8 billion. The customer recently underwent a comprehensive digital overhaul – enhancing its offerings by delivering essential services and mobile applications to its valued customers, agents, and staff. They struggled to prevent recurring DDoS attacks that caused damaging downtime.
Key Takeaways
Customer Challenges
- Recurrent downtime due to DDoS attacks
- Multi-million-dollar losses and online reputational damages
- Identification of only a fraction of the DDoS vulnerabilities
- Lack of an actionable remediation plan
The Benefits
- Understanding critical DDoS exposure and risk
- Avoidance of damaging DDoS downtime
- Access to insight and data necessary to protect services
- All DDoS attacks have been mitigated automatically
- Automated DDoS protection improved by over 150%
The Challenge
Despite having robust DDoS protection solutions in place – including a Scrubbing Center and on-premises DDoS protection – the company experienced damaging DDoS downtime. The downtime caused:
- Disruption to critical mobile and online services
- Disruption to claims and payment processes
- Agent productivity loss (i.e., when the agent portal is unavailable)
- Employee productivity loss (i.e., when the VPN and email servers are down)
A rough estimate of DDoS downtime costs indicated a multi-million-dollar loss, as well as reputational damage. Biannual, DDoS pen testing was disruptive to network security teams. They required maintenance windows and were not effective in preventing attacks due to the testing’s irregularity. In addition, traditional DDoS tests identified only a fraction of the DDoS vulnerabilities and lacked an actionable remediation plan. Recognizing the growing risk of DDoS attack, the company was looking for ways to significantly reduce the risk and prevent damaging DDoS downtime.
Our Solution
MazeBolt conducted a short Proof of Concept (POC), and it became clear that over 54% of Layer 7 attacks were not blocked and were likely to cause downtime. The company decided to deploy MazeBolt RADAR in three data centers downstream of each of their DDoS protection layers, so that – using continuous, non-disruptive DDoS testing – they could easily expose all the company’s DDoS vulnerabilities. RADAR uncovered the following information:
- Over 2,800 DDoS vulnerabilities
- 63% of the DDoS vulnerabilities (from layers 3, 4, and 7) remained a threat
- The existing DDoS protection deployed was only 37% effective
- Emergency response teams and SLAs were only implemented after the attack
RADAR automatically provided a prioritized remediation plan of all DDoS vulnerabilities, including Slowloris, UDP, IKE, and DNS attack vectors. MazeBolt’s Professional Services team helped manage the remediation process, working side by side with the customer’s SOC team and DDoS mitigation vendor.
During the first round of testing, RADAR identified that the company did not have Layer 7 DDoS protection and required SSL off-loading to enable it. If the company had been hit with a DDoS attack at that time, the enormous volume of their DDoS vulnerabilities would have left the company’s environment unprotected. Manual intervention of emergency response teams would have been required, resulting in damaging time-to-mitigation (TTM) and emergency response SLAs.
Customer Benefits
The impact of RADAR on the company’s DDoS resilience included:
- Identifying and eliminating over 93% of DDoS vulnerabilities in layers 3,4, and 7
- Improving automated DDoS protection by over 150%
- Choosing and deploying a Web Application Firewall (WAF) solution
- Automatically blocking Layer 7 attacks (based on RADAR recommendations)
- Reducing DDoS vulnerability levels to less than 10%
- Eliminating the need to initiate emergency response SLAs
Since deploying RADAR, the customer has successfully proactively mitigated DDoS attacks automatically, without any damaging downtime – despite being heavily targeted by multiple threat actors. Ongoing RADAR validation provides the necessary insight and data to maintain and protect new services.
The company is currently extending the RADAR deployment to their cloud environments. Their cloud deployment will be centrally managed with the company’s existing, on-prem. deployment, to create a unified vulnerability flow with their DDoS mitigation vendor.
Following our work with MazeBolt, I felt our previous DDoS protection efforts were like a ‘placebo.’ MazeBolt provided us with critical insights to remediate all our DDoS risks. I’m confident our systems are much safer today with RADAR and our DDoS protection is as resilient as possible.
– CISO of a leading, global insurance company
Government
Government Secures Parliamentary Elections
Israel’s government used RADAR™ to protect over 2,300 online services from DDoS attack & ensure that national election processes were secured.
The Customer
Israel’s governmental institutions offer over 2,300 services online. As public services are widely used online, it is essential that business continuity of these services is maintained 24/7 – and that downtime is avoided. Successful DDoS attacks are highly publicized in Israel, and potentially, a DDoS attack can become an issue of national security.
Key Takeaways
Customer Challenges
- Protecting the integrity of upcoming national elections
- Ensuring effective defense against ongoing DDoS attacks
- Preventing damaging DDoS downtime
Our Impact
- Ensuring parliamentary elections took place without disruption
- Maintaining the business continuity of online governmental services 24/7
The Challenge
The Israeli government continues to be a major target for politically motivated DDoS attackers. At the same time, the government continued to move additional public services online, including payments, requests and informational services.
During Israel’s parliamentary elections, all these issues were exacerbated:
- Multiple threat actors –Government departments were under constant threat from multiple groups
- Stability – Online availability during elections is critical to Israel’s democratic process
- Zero downtime – With so many governmental institutions offering services online, downtime due a DDoS attack must be avoided
Our Solution
After RADAR was deployed, the Israeli government’s cybersecurity unit gained complete visibility into their DDoS security posture. Following initial testing, several DDoS protection layers were identified as vulnerable. MazeBolt’s Professional Services team prioritized remediation efforts and empowered the Israeli government to work with their DDoS protection providers and ensure zero disruption to online services.
Customer Benefits
The impact of RADAR on the company’s DDoS resilience included:
- Full visibility – The cybersecurity team gained full visibility into each security layer
- Remediated vulnerabilities – Discovery of regions of the network that weren’t protected, and closing vulnerabilities quickly and efficiently
- Zero Downtime – No interruption to online services during testing and remediation periods, while successfully blocking all DDoS attack attempts
- Complete resilience – Despite being targeted by threat actors, none of the sites that implemented RADAR experienced any DDoS attacks
Israel’s Head of IT Security indicated that the continuous visibility provided by RADAR, combined with the clear and precise reports provided by RADAR, allowed the government’s cybersecurity department to dramatically reduce their DDoS risk and ensure that parliamentary elections were not disrupted.
Banking and Financial Services
Eliminating DDoS False Positives
DDoS risk was reduced from 48% to 2% for a global, financial services enterprise that uses RADAR™ to gain better ROI on their DDoS protections.
The Customer
A global financial services organization was committed to providing reliable services and tools to its account holders. They had developed a system that made it easy for their customers to set up and use their services, and a complex, secure, and highly intelligent platform was behind the streamlined customer experience they developed. The platform included intricate applications and networks that worked together seamlessly. But a single incident spiraled into a hazardous DDoS attack. The company’s legitimate customers were blocked from accessing services.
Key Takeaways
Customer Challenges
- Understanding true DDoS exposure and risk
- Effectively securing rapidly expanding online services
Our Impact
- Drastically reduced risk from 48% to 2% – a 24x risk reduction
- Elimination of false positives
- Better ROI on DDoS protection investments
- Continuous DDoS testing with no service disruption
The Challenge
When the company added new services – designed to improve sales and increase customer engagement for their merchants – one of the applications inadvertently sent out a push request to the customer base. This resulted in a flood of legitimate responses. The company’s automated DDoS protection mistakenly identified the legitimate request as a DDoS attack and the end-users were blocked. As a result, thousands of their customers were denied access, which resulted in significant reputational damage.
The company sought a way to ensure that their DDoS protection would keep pace with any future changes introduced to their online services because of digital transformation processes, and that the DDoS protection would not cause false positives. The management needed assistance to:
- Understand their true DDoS exposure and risk
- Effectively secure their rapidly expanding online services
Our Solution
MazeBolt RADAR empowered the company to identify legitimate requests – running DDoS testing automatically, continuously, and nondisruptively. RADAR was incremental to the company’s existing DDoS protection to provide full visibility into legitimate requests that were blocked, for each web-facing IP/target in the network environment.
By harnessing RADAR’s thousands of vulnerability simulations, the company was able to work effectively with their DDoS protection vendor and fine-tune their DDoS protection configurations. As a result of continuously validating assets against both legitimate traffic and malicious DDoS attacks, two things happened:
- Minimized false positives – RADAR’s insights helped configure the company’s DDoS protection for maximum resilience, ensuring no legitimate traffic was being blocked.
- Maximized, continuous DDoS resilience – RADAR continuously tested, identified, and triaged DDoS vulnerabilities, preempting potential DDoS exposures and effectively eliminating risk.
Customer Benefits
Using RADAR, the company’s CISO gained visibility into DDoS vulnerabilities and was able to proactively secure online services – regardless of any changes that their digital transformation process required. This visibility was achieved quickly and effectively.
RADAR was deployed and complimented the company’s existing DDoS protection solution. Their security teams focused their efforts on prioritizing DDoS vulnerabilities, thereby saving valuable time and budgets – and achieving true DDoS resilience.
MazeBolt RADAR gave us real-time insight into our DDoS exposure and better management of our online services. Now we have actual DDoS visibility.
– CISO, Global Fintech organization
Banking and Financial Services
From 50% to Less Than 15% DDoS Risk
A leading, North American financial services provider used RADAR™ to close severe DDoS vulnerability gaps & avoid damaging DDoS downtime.
The Customer
The company offers a range of digital financial services, including investment, mortgage, and retirement planning. Having suffered an uptick of attacks and a major business disruption, the company chose MazeBolt to conduct annual red team testing. During the test, they discovered that they were vulnerable to 50% of the attack vectors tested.
Key Takeaways
Customer Challenges
- Providing uninterrupted digital services
- Lack of visibility into a dynamic DDoS attack surface
- The limited effectivity of red team testing
Our Impact
- Reducing exposure from 50% to less than 15%
- Maintaining the business continuity of online services
- Validating changes in network configuration
- DDoS testing without any operational disruption
The Challenge
When they realized the severity of their DDoS exposure, the company understood the need for continuous DDoS vulnerability testing and remediation. Their red team test was limited due to the limited attack surface coverage – only 3 targets and up to 15 attack vectors, so the test results were not a sufficient method for evaluating the effectiveness of the customer’s DDoS protection.
Our Solution
The company implemented RADAR to perform thousands of DDoS simulations for over 140 attack vectors, and a larger number of targets. With MazeBolt’s analysis and remediation plan in hand, the company was able to work with its DDoS protection vendor and close DDoS vulnerability gaps, dramatically reducing DDoS risk.
Customer Benefits
After remediation changes were implemented, the company achieved the highest level of business continuity and DDoS readiness. They were able to continue to validate all changes in network configuration with zero operational downtime.
Now that we are aware of the DDoS vulnerabilities in our environment, we will continue to use RADAR testing to remediate and close vulnerabilities.
– COO, Leading North American Financial Services Provider
Data Sheets
eBook
Infographics
Infographic: DDoS Testing Vs. DDoS RADAR™ Testing
DDoS testing is critical in order to uncover vulnerabilities that enable successful DDoS attacks. But is traditional DDoS testing really effective? Or, is RADAR the only way to uncover DDoS vulnerabilities and prevent damaging DDoS attacks?
Get the infographic to discover the pros and cons of DDoS testing.
Get the full infographic here.
Infographic: DDoS Testing Vs. DDoS RADAR™ Testing
Reports
2025
DDoS Trends Report
Predictions Based on MazeBolt Research into DDoS Attacks
Executive Summary
Why does the risk of Distributed Denial-of-Service (DDoS) attacks continue to rise?
DDoS attacks surged almost a third (30%) in the first half of 2024 compared to the same period in the previous year. Moreover, DDoS attacks on critical infrastructure increased by 55% in the last four years.
Hacktivist groups motivated by political and ideological agendas are driving the current growth in DDoS attacks. Moreover, today’s DDoS attacks may utilize advanced botnets to implement sophisticated attack methods that ensure that they are harder to detect and neutralize.
As the DDoS risk increases, awareness of why DDoS attacks persist is a key challenge. Security leaders need to promote an understanding that the main reason DDoS attacks still succeed is due to the existence of unidentified DDoS vulnerabilities. Therefore, the only way to mitigate the risk of attack is through a process of continuous testing, vulnerability identification, timely remediation, and validation.
This type of ongoing, proactive approach is crucial to maintaining DDoS resilience and supporting the business continuity of online services.
This report provides insight into MazeBolt’s DDoS predictions for 2025, based on our own research and reports in the media during 2024.
DDoS Attack Trends for 2025
Based on MazeBolt’s internal and market research, we can expect to see the following DDoS attack trends continuing throughout 2025:
Threat to Democratic Elections
Politically motivated hackers can be expected to continue targeting countries undergoing election cycles. The attacks are likely to be both in the months leading up to elections as well as after the polls have opened. These types of attacks may be successful in causing downtime of electoral websites and infrastructure, and they can undermine the public confidence in election results.
Greater Enforcement of Compliance Requirements
Companies will continue to invest in adapting their cybersecurity processes to meet the more stringent regulations that came into effect recently, avoid stiff fines.
In-Depth Reporting
Companies will need to provide in-depth, timely DDoS resilience and attack reports, to meet the regulations, and this will create a greater need for the ongoing visibility and
Companies will need to provide in-depth, timely DDoS resilience and attack reports, to meet the regulations, and this will create a greater need for the ongoing visibility and attack prevention capabilities provided by continuous DDoS vulnerability testing.
attack prevention capabilities provided by continuous DDoS vulnerability testing.
Industries at Greater Risk
Companies in the industries of banking and financial services, insurance, healthcare, and transportation are expected to continue being targeted more than other industries throughout 2025.
DDoS-for-Hire Services
DDoS-for-Hire gives less technically proficient threat actors an easy way into the hacking industry, by making it easier to launch DDoS attacks. The increase in DDoS-for-Hire tools is particularly notable in Asia and is connected to the rising risk of DDoS attacks across multiple sectors. DDoS-for-Hire gives users the ability to carry out an unwarranted performance, on a network.
2024 DDoS Attack Analysis
A closer look at recently reported DDoS attacks shows that new DDoS attack techniques and emerging vulnerabilities are creating significant challenges for organizations that are trying to protect their digital services. Here are the most significant attack trends that emerged based on the data from recent DDoS attacks.
The Threat to Democratic Elections
2024 was a landmark year in electoral politics, with 50 countries plus the European Union – representing a total of over 2 billion voters – holding elections. Politically motivated DDoS attacks took place in countries in the months leading up to elections as well as after the polls opened.
In some cases, the DDoS attacks were successful in disrupting critical election infrastructure, causing downtime, and undermining the confidence of the public in the reliability of election results. DDoS attacks peaked around critical dates, indicating a coordinated effort to disrupt electoral processes.
Funding for the work of the threat actors, including both criminal groups and hacktivists, allegedly was provided by nation-states.
Examples of DDoS attacks during election cycles include:
US
What is a DDoS Attack? Elon Musk Claims Cyberattack Delayed Trump Interview
France
First Round of French Election: Party Attacks and a Modest Traffic Dip
Venezuela
Venezuela’s Election as seen in Cyberspace
More Stringent Compliance Regulations
With the DORA and NIS2 Directive regulations in the EU, and new SEC regulations in the US, 2024 has seen a significant shift in the stringency of DDoS testing. One of the key aspects of the regulations involves more in-depth, transparent, and timely reporting requirements – and continuous DDoS testing is essential to complying with these requirements.
Enterprises doing business in Europe and the US must enhance their cybersecurity processes to meet the new regulations and avoid hefty fines. The DORA regulations, for example, are based on the following five pillars:
High-Profile Arrests of Perpetrators of DDoS Attacks
Law enforcement officials are also making the headlines – with a number of instnaces in which the authorities have taken steps to detain groups responsible for high-profile DDoS attacks. In some cases, the arrest led to a new rash of DDoS attacks in response. For example, after the arrest of Telegram’s CEO Pavel Durov, several hacking groups launched a #FreeDurov DDoS campaign against online services in France. Here are some of the stories covered in the media:
US
France
Telegram’s CEO & Founder Durov Under Arrest: Cybercriminals React
UK
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in UK
Spain
Spanish Police Arrest Three Suspects Linked to Pro-Moscow NoName057(16) Hackers
Japan
International Investigation of DDoS Leads to Oita Man’s Arrest
Cambodia
Anti-government Hackers Arrested After Attacks on Cambodian Official Websites
A Shift in DDoS Public Awareness?
DDoS attacks on big name brands such as Disney+ in France, KFC in Italy, and Starbucks in the US were discussed in online forums and on social media. While these attacks were not confirmed publicly as DDoS attacks, the headlines associating them with DDoS are indicative of an increase in public awareness of DDoS dangers.
Top DDoS Targets: Breakdown by Industry
The following industries were the worst hit by DDoS attacks:
Finance
Disrupted online services and availability,
causing financial
and reputational damages
Healthcare
Targeted the patient management systems and telemedicine platforms used by healthcare providers
Government
Often coincided with political events; aimed to erode public trust and disrupt administrative functions
Transportation
Disrupt airlines and railway booking systems; exposed or blocked access to sensitive data; and impacted supply chains
While many organizations try to hide cyber breaches, the information that did become public made it clear that the most frequently attacked organizations provide financial services.
These include banks, payment processors, and other financial organizations. After financial services, the industries most targeted include healthcare, government organizations, and transportation.
The Most Prevalent Types of DDoS Attacks
The impact of a DDoS attack depends on several factors, including the scale of an attack, the nature of the attack, and the ability of the target system to handle the attack. While the frequency of DDoS attacks continues to rise, the attacks are also evolving in complexity and scale. For example, sophisticated DDoS attack methods are being implemented by advanced botnets such as the botnet malware family Gorilla.
In recent months, a marked increase has been seen specifically in the following types of DDoS attacks:
A Growing Threat: DDoS-for-Hire Services
Typically, DDoS attacks were carried out by highly skilled hackers with access to large networks of compromised devices, often referred to as botnets. With the rise of the commercialization of cybercrime, a new and concerning trend has emerged: DDoS as a Service (DDoSaaS). This trend significantly lowers the barrier to entry for launching powerful DDoS attacks. It is a model that allows individuals with limited technical skills to utilize botnet infrastructure and launch attacks against targets of their choice.
Greater Accessibility
DDoSaaS platforms are available on the dark web – as well as through “legitimate” channels on the open internet, where they are marketed as “stress testing” services. (By masquerading as legitimate services, they can be sold on the open internet). “Legitimate” channels include Telegram Channels, DDoS-for-Hire Forums and API-based DDoS Platforms.
These services provide simple, web-based dashboards and interfaces, allowing users to easily configure and launch attacks without requiring in-depth technical knowledge.
Users can usually select from various DDoS attack types, including volumetric floods, protocol attacks, and application layer attacks.
Greater Affordability
Services are typically offered through tiered subscription plans, with prices ranging from as low as $10 (on sale!) to $500 per month. Pricing often depends on factors like attack duration, volume, frequency, and the number of concurrent targets.
Most platforms accept easy-to-use payment methods such as cryptocurrency payments – particularly Bitcoin, for anonymity. Some services even accept PayPal and other payment methods.
More Effective
DDoSaaS providers maintain networks of compromised devices (frequently called botnets) to carry out attacks. These botnets can sometimes generate very high traffic volumes.
Many of these services utilize reflection and amplification methods to increase attack power and effectiveness.
Most platforms offer features to hide users’ identities, like not tracking IP addresses and encouraging VPN/Tor network usage.
Providers Operate Like Legitimate Businesses
Many DDoSaaS providers offer customer support, tiered service packages, and performance guarantees. Some even offer Service Level Agreements (SLAs) and refunds if an attack doesn’t achieve the desired outcome.
Beyond DDoS, some platforms offer other malicious tools like IP trackers or credential stuffing services.
DDoSaaS is Contributing to a Notable Surge in DDoS Attacks
The proliferation of DDoSaaS has democratized cyberattacks, making them accessible to anyone with malicious intent and a modest budget. As a result, organizations must be more vigilant than ever, adopting proactive cybersecurity measures. Businesses can reduce the risk of downtime, protect their reputation, and ensure the continuity of their operations by:
- Understanding the mechanics of DDoSaaS
- Implementing robust defenses
- Continuously testing for DDoS vulnerabilities
DDoSaaS is not just a passing fad. It’s a growing business that has solidified its place in the cybercrime ecosystem. The best defense is to be proactive, continuously test for vulnerabilities, and adapt to the changing threat landscape.
Drill-Down: Top Attacks
The tables below provide insight into DDoS attacks published in the media during the third quarter of 2024. See also MazeBolt’s attack reports for Q1 and Q2.
July
August
September
Key Takeaways
Even with the best DDoS protections in place, the MazeBolt research team has found out, on average, 37% of an organization’s DDoS attack surface still remains vulnerable to DDoS attacks. This is because, over time, changes in IT systems and online services lead to security policy drift that results in DDoS vulnerabilities and misconfigurations, which leave organizations unprotected.
Shifts in the DDoS attack landscape that were particularly noteworthy this year included:
- The growing number of attacks disrupting elections
- New and more stringent compliance regulations that went into effect (NIS2, DORA)
- Greater public awareness of DDoS – in response to both the headlines around high-profile arrests of perpetrators of DDoS attacks, and several alleged DDoS attacks on big name brands
- Increased adoption of the business model known as DDoS-for-Hire services
Protecting organizations from damaging DDoS attacks – and thereby strengthening the business continuity of online services – requires:
Continuous
DDoS Testing
Sharpening of Operational Resilience
Transparency
and Reporting
Regulatory
Compliance
About MazeBolt
MazeBolt RADAR™ is a patented DDoS Vulnerability Management solution. Using thousands of non-disruptive DDoS simulations and without affecting online services, it can identify and enable the remediation of vulnerabilities in deployed DDoS defenses. RADAR™ enables organizations and governments to maintain the uninterrupted business continuity of online services. Using RADAR’s patented vulnerability simulation technology, enterprises have unparalleled visibility into their DDoS protection solutions so they can be confident that damaging DDoS attacks can be prevented – before they happen.
Read more at: https://www.mazebolt.com
Whitepapers
Videos
