Other findings in the report include an average of 5,000 malicious events (up 30%), and an observation that the Asia Pacific region came off relatively lightly: during the first half of 2021, a company in the Americas or Europe and the Middle East and Africa (EMEA) had to repel, on average, twice the average attack volume experienced a company in Asia-Pacific.
The Americas and EMEA accounted for about 80% of the blocked attack volume during that six-month period.
"While large ransomware attacks are capturing headlines, companies need to pay attention to other cyber threats," said Radware director of threat intelligence Pascal Geenens.
"From an increase in DDoS extortion campaigns and DDoS hit-and-run assaults, to a hactivist group targeting financial organisations in the Middle East, the second quarter saw a concerning amount of cyber activity compared to the activity levels we saw during the same quarter last year.
"The results of this report should serve as a strong reminder to enterprises that no company is immune from being a target."
Radware also looked at the attention different industries were receiving from attackers.
Hardest hit was the technology sector, averaging almost 3,000 attacks per company, followed by healthcare (2,000) and finance (1,350).
Retail, communications and telecommunications companies averaged between 600 and 1,000 attacks, followed by the gaming industry (400 attacks per company) and government and utility organisations (280).
The highest volume attacks were directed to the retail sector, followed by gaming, telecommunications and technology.
Some companies in the finance and technology sector faced 'hit-and-run' DDoS attacks involving repeated short bursts with very high volume. One 45-minute attack involved multiple consistent 80Gbps bursts lasting two to three minutes on a four minute cycle.
Ransom denial-of-service (RDoS) attacks, which threaten an attack unless the victim pays a ransom have been a persistent component of the DDoS threat landscape since August 2020, according to Radware. But the second quarter of 2021 saw a renewed extortion campaign by an actor posing as Fancy Lazarus.
Unsolicited vulnerability scans are another issue. During the second quarter of 2021, companies blocked an average of almost 2,000 scan events of this kind.
According to Radware, 40% of them were performed by potentially malicious scanners looking to actively exploit known vulnerabilities and attack an organisation.
"Organisations are being challenged by well organised threat actors," said Geenens.
"The window between the disclosing and weaponising of new vulnerabilities is getting very slim. In some cases, we observed less than 24 hours between a manufacturer publishing a patch and malicious activity trying to exploit the vulnerability."
Radware's full Q2 DDoS Attack Report is available here (registration required).