Cyber villains multiply their mischief as web attacks surge by a fifth


Digital defences buckle under relentless assault from bots, hackers and AI-powered miscreants

DDOS, API attacks

MUMBAI: The internet's dark side got considerably darker in 2024, with web application and API attacks surging by 21.4 per cent to a staggering 887.4 billion attempts globally, according to CDNetworks' latest State of WAAP Report. If that sounds like a lot, it is—roughly 1.52 billion attacks were thwarted daily throughout the year. That makes almost a trillion attacks in a single year.

The cybercriminal economy is booming, and artificial intelligence has become both sword and shield in this digital arms race. Terabit-level DDoS attacks—the sort that can flatten entire digital infrastructures—increased nearly tenfold compared to 2023, with 219 such behemoths recorded. Most alarmingly, 86 per cent of these mega-attacks lasted longer than 10 minutes, suggesting attackers have ditched the old hit-and-run playbook for prolonged sieges.

Gaming platforms bore the brunt of this digital violence, accounting for 57.38 per cent of network-layer DDoS attacks. The sector's misfortunes peaked with a bone-crushing 2 terabit-per-second assault in March and an application-layer attack exceeding 31 million requests per second in June. As one CDNetworks engineer put it, these weren't just attacks—they were "digital carpet bombings."

E-commerce sites found themselves equally besieged, with bot attacks against online retailers skyrocketing from 18 per cent to 46.2 per cent of all bot traffic. The culprits? Sophisticated scalping bots that have evolved into integrated systems capable of mimicking human behaviour across multiple stages—from login to payment processing. These aren't your grandmother's clunky web scrapers; they're AI-enhanced digital locusts that adapt to security measures in real-time.

The rise of generative AI has democratised cybercrime, lowering the barrier to entry for would-be digital marauders. CDNetworks' platform detected a 114.7 per cent year-over-year increase in blocked bot traffic intercepted by its AI-powered defences. The message is clear: if you're not using AI to defend yourself, you're bringing a knife to a gunfight.

API security emerged as another Achilles' heel, with attacks surging 147 per cent. Most troubling, 78 per cent of these attacks occurred after user authentication—suggesting that once hackers get past the front door, they're often free to ransack the digital house. Traditional security models that focus solely on perimeter defence are proving woefully inadequate.

The assault wasn't evenly distributed. Gaming, e-commerce, and media & entertainment sectors topped the target list, with attackers showing a particular fondness for disrupting digital experiences during peak usage periods. The fourth quarter saw a concentration of attacks, with cybercriminals capitalising on holiday shopping seasons and major game releases.

HTTP protocol violations accounted for 71 per cent of web vulnerabilities exploited, reflecting a 12.17 per cent increase year-over-year. Meanwhile, the humble SYN flood attack remained the weapon of choice for DDoS perpetrators, accounting for 43 per cent of all attacks—proof that sometimes the old ways are still the best ways.

Not all the news was grim. CDNetworks' AI-powered bot management successfully blocked 67 per cent of malicious bot traffic in 2024, up from just 40 per cent in 2023. The platform's crowning achievement came on 1 October, when it successfully mitigated a massive attack targeting a major browser game platform in Southeast Asia—a 1.24 terabit assault at the network layer and over one million queries per second at the application layer—with zero downtime.

The report's recommendations read like a cybersecurity manifesto: phase out single-layer protection strategies, invest heavily in AI capabilities, prioritise unified WAAP platforms over siloed tools, elevate API security from afterthought to centrepiece, and partner with providers offering end-to-end support.

As one CDNetworks executive noted: "The days of reactive cybersecurity are over. In 2024, we saw attackers using AI to probe 50,000 API endpoints in a single operation, boosting attack efficiency by up to 40 times. The only way to fight AI is with better AI."

The message for businesses is stark: adapt or become another statistic. With cyber-attacks showing no signs of slowing and AI making both attackers and defenders more capable, the digital Wild West is only getting wilder. The question isn't whether your organisation will be targeted—it's whether you'll be ready when the digital desperados come calling.