Cloudflare recently released its Q3 2024 DDoS report, shedding light on the current state of distributed denial-of-service (DDoS) attacks. This report draws from data collected across Cloudflare’s expansive global network, one of the largest in the world. It reveals notable trends and insights into the evolving DDoS threat landscape and provides key metrics on attack frequency, volume, and duration.
Rising DDoS Activity – The third quarter saw a significant increase in DDoS attacks, with Cloudflare mitigating nearly six million incidents, representing a 49% quarter-over-quarter (QoQ) and 55% year-over-year (YoY) surge. Of these attacks, over 200 were classified as “hyper-volumetric,” exceeding rates of 3 terabits per second (Tbps) and 2 billion packets per second (Bpps). The largest attack peaked at an impressive 4.2 Tbps, although it lasted only a minute. Notably, these high-volume attacks highlight the escalating scale of threats that businesses face.
Targeted Sectors and Locations – The Banking & Financial Services industry emerged as the most frequently targeted sector. Among geographic regions, China led as the most attacked country, followed by the United Arab Emirates, Hong Kong, Singapore, Germany, and Brazil. Interestingly, Indonesia was identified as the primary source of DDoS attacks, with significant contributions from the Netherlands, Germany, Argentina, and Colombia.
Types of DDoS Attacks – The report observed an equal distribution between network-layer and HTTP (application-layer) DDoS attacks in Q3, with both types seeing substantial increases. Network-layer attacks rose by 51% QoQ and 45% YoY, while HTTP-based attacks experienced even sharper spikes, with a 61% QoQ and 68% YoY increase. SYN flood was the most prevalent network-layer attack type, followed by DNS flood, UDP flood, SSDP reflection, and ICMP reflection attacks. On the application layer, 72% of HTTP DDoS attacks were executed by known botnets and mitigated using Cloudflare’s proprietary heuristics.
Hyper-Volumetric DDoS Campaigns – Cloudflare’s systems autonomously mitigated over 200 hyper-volumetric network-layer DDoS attacks, each exceeding 1 Tbps or 1 Bpps. The largest attack during this period peaked at 4.2 Tbps, illustrating the massive scale of DDoS threats. On average, Cloudflare neutralised approximately 2,200 DDoS attacks per hour, underscoring the persistent threat organisations face.
Attack Duration and Characteristics – Most DDoS attacks (90%) were very short-lived, including the largest incidents, yet there was a slight uptick (7%) in attacks lasting over an hour. These longer attacks accounted for 3% of the total. Attackers are increasingly leveraging botnets with diverse user-agent types, including popular browsers and HTTP clients like Go-http-client and fasthttp, which often mask malicious intent.
Addressing the Challenges of Compliance – The rapid escalation in hyper-volumetric DDoS attacks poses challenges for businesses relying on limited-capacity cloud services or on-premises solutions. With geopolitical tensions intensifying, organisations of all kinds are now at risk. Unfortunately, many still react to threats instead of taking proactive measures, leaving them vulnerable.
Bashar Bashaireh, VP for the Middle East and Türkiye at Cloudflare, emphasized the importance of robust cybersecurity strategies. “Our observations confirm that businesses with well-prepared, comprehensive security strategies are far more resilient against these cyber threats,” he said. “At Cloudflare, we’re committed to safeguarding your Internet presence. Through significant investment in our automated defences and a robust portfolio of security products, we ensure proactive protection against both current and emerging threats — so you don’t have to.”
Dive into the full report here.