This incident highlights that healthcare systems
Major international airports in India operate highly complex, application-driven digital ecosystems supporting millions of passengers annually. Public-facing web applications and APIs enable critical services such as flight bookings, check-in operations, boarding coordination, and real-time flight information. Continuous availability of these systems is essential to airport operations, passenger experience, and public confidence.
safeguard operations, protect sensitive health
data, maintain HIPAA compliance, and preserve
patient trust—even under sophisticated,
evolving cyber threats.
In April 2023, several airports were targeted by a coordinated cyberattack attributed to the hacktivist group Anonymous Sudan. The campaign combined Layer 3–7 Distributed Denial of Service (DDoS) attacks with automated bot traffic, specifically designed to disrupt application-layer services rather than network infrastructure alone.
While multiple airports experienced service disruption, three airports maintained uninterrupted operations by deploying Prophaze Web Application and API Protection (WAAP). The platform enabled real-time detection, adaptive mitigation, and large-scale traffic absorption without impacting legitimate users or airport operations.
0
M+
Malicious requests blocked in real time
0
Gbps+
Attack traffic mitigated without service disruption
0
%
Availability maintained during the attack window
Challenge
- Application-layer DDoS attacks targeting public-facing web applications and APIs
- Bot-driven traffic impacting availability of critical operational services
- Evasion of static, signature-based security controls
- Elevated operational risk during peak passenger activity
- Limited tolerance for false positives or user friction in mission-critical environments
Solution
The protected airports deployed Prophaze WAAP as an always-on security layer for their public-facing applications and APIs.
- Real-time Layer 7 DDoS mitigation for sudden traffic surges
- ML-driven traffic analysis to separate users from bots
- CAPTCHA-less bot mitigation with zero user friction
- Adaptive rate limiting to protect critical APIs
- Geo-fencing and IP intelligence to block high-risk traffic
- Centralized dashboards for real-time attack visibility
Results
- Continuous availability of booking, check-in, and real-time flight services
- Mitigation of over 50 million malicious requests with no impact on legitimate traffic
- Operational continuity maintained during a large-scale aviation cyber incident
- Reduced security and IT workload through automated, adaptive mitigation
- Improved resilience against evolving application-layer attack techniques
” Prophaze WAAP enabled us to maintain continuous operations during a highly coordinated attack. The platform’s adaptive mitigation and real-time visibility allowed us to protect critical services without impacting passenger experience.
“
–
Senior IT Security Leader, Major International Airport
Customer
- Major International Airports in India
Our Role
- API Security
- Layer 7 DDoS Mitigation
- AI-Driven Web Security
- CAPTCHA-Less Bot Protection
- Adaptive Rate Limiting
