DDoS attacks in the age of AI and automation 

Distributed Denial-of-Service (DDoS) attacks have evolved dramatically. With the rise of AI chatbots, growing adoption of cloud infrastructure and automation tools, attackers now have access to powerful resources to cripple digital services. Large-scale botnets are readily available, even to those with minimal technical skills. 

In fact: 

  • Both the frequency and scale of DDoS attacks are increasing.
  • Attack-as-a-service platforms make launching attacks easy and cheap, even for low-skill attackers. 
  • In Switzerland, financial institutions and critical infrastructure providers have seen a rise in DDoS-related extortion attempts. 

In 2025, DDoS attacks remain a serious threat. The National Cyber Security Centre (NCSC) has reported multiple attacks in the past years; its latest report dates back to March 2025.

 

Attack type: Application-Layer DDoS (HTTP) 

Today’s web applications operate on the application layer. And that’s precisely where modern DDoS attacks strike. Attackers don’t need massive bandwidth to disrupt a web application’s availability – they achieve it by leveraging a distributed network of devices to simulate legitimate user behavior: browsing pages, submitting forms, or requesting dynamic content. These harmless-looking requests make it harder to distinguish malicious from legitimate traffic. This is a commonly observed attack pattern for volumetric attacks.

Since such attacks may originate from all over the world, strict Geo-IP filtering is not a silver bullet. It reduces the exposure but cannot fully prevent such threats.  

Most DDoS attacks last less than 15 minutes. This underlines the importance of early detection, tight rate-limiting thresholds and proactive preventive measures.

 

Building DDoS resilience with Airlock Gateway 

Airlock Gateway provides multiple protection layers to detect, mitigate and block modern DDoS attacks efficiently.  

Key features include: 

  • Rate Limiting with DoS Attack Prevention: Controls access at the application layer (see documentation).
  • Dynamic IP Blocking: Repeated requests from known malicious IP addresses are automatically blocked once a defined threshold is reached. 
  • Geolocation Filtering: Restricts access from selected regions 
  • Anomaly Shield: Detects abnormal and more sophisticated attack patterns 
  • Logging & Monitoring: Analyses ongoing attacks  

We also provide custom Kibana dashboards to support web traffic analysis and define baseline thresholds for rate limiting.

 

What we’ve learned from recent DDoS attack attempts 

In a recent wave of attacks, we have observed an increase in the size and complexity of modern botnets. Each IP address sends only a minimal number of requests, making these attacks hard to detect. This highlights the importance of analyzing unencrypted traffic, especially when TLS termination is handled by an upstream reverse proxy. For this to work effectively, it is generally recommended to set up the Airlock Gateway as the first reverse proxy. 

At the same time, the Airlock Gateway can support integrations with other systems, allowing suspicious IP addresses to be blocked earlier in the network, without compromising the Gateway’s ability to see and analyze the full traffic. 
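Why low per-IP request counts defeat a per-IP rate limit, and how a baseline from normal traffic still exposes the wave, shown as an added example (not Airlock Gateway code or configuration). The log records, the per-IP limit of 30 requests per minute and the alert factor of 3 are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 60        # seconds per analysis window
PER_IP_LIMIT = 30  # assumed per-IP limit (requests per window)
FACTOR = 3         # assumed: alert when a window exceeds 3x the baseline

def baseline(requests, path):
    """Peak requests per window for `path` in known-normal traffic."""
    counts = Counter(ts // WINDOW for ts, _, p in requests if p == path)
    return max(counts.values())

def per_ip_offenders(requests, limit):
    """IPs that exceed `limit` requests in any single window."""
    per_ip = Counter((ts // WINDOW, ip) for ts, ip, _ in requests)
    return sorted({ip for (_, ip), n in per_ip.items() if n > limit})

def aggregate_alerts(requests, path, threshold):
    """(window, total requests, distinct sources) where total > threshold."""
    total, sources = Counter(), defaultdict(set)
    for ts, ip, p in requests:
        if p == path:
            total[ts // WINDOW] += 1
            sources[ts // WINDOW].add(ip)
    return [(w, total[w], len(sources[w]))
            for w in sorted(total) if total[w] > threshold]

# Constructed sample records: (unix-style timestamp, source IP, path).
# Five normal minutes: 20 clients, 2 requests each per minute.
NORMAL = [(m * 60 + c, f"192.0.2.{c}", "/search")
          for m in range(5) for c in range(20) for _ in range(2)]
# Minute 5: 400 distinct sources, only 3 requests each.
WAVE = [(300 + b % 60, f"2001:db8::{b:x}", "/search")
        for b in range(400) for _ in range(3)]
TRAFFIC = NORMAL + WAVE
THRESHOLD = FACTOR * baseline(NORMAL, "/search")

if __name__ == "__main__":
    print("per-IP offenders:", per_ip_offenders(TRAFFIC, PER_IP_LIMIT))
    print("aggregate alerts:", aggregate_alerts(TRAFFIC, "/search", THRESHOLD))
```

No single source comes near the per-IP limit, yet the per-path total and the jump in distinct sources for the same window stand out against the baseline.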

In summary, as a central component in modern web infrastructure, Airlock Gateway helps you to: 

  • Detect and distinguish malicious from legitimate requests 
  • Act as the first line of defense at the application layer
  • Integrate with surrounding systems for early upstream blocking of malicious IPs. Our Professional Services team can assist you with implementing integrations with these systems. 
     

What’s next? Connect with us to build stronger defenses 

Have you experienced DDoS attacks recently? Do you have insights that you can share with us? We are continuously improving Airlock Gateway’s DDoS protection and are eager to get your input on the topic. 

Contact us to learn how to protect your web applications from DDoS attacks with Airlock Gateway. 
