Monitoring evolving DDoS trends is essential to anticipate threats and adapt mitigation strategies. The comprehensive Gcore Radar Report for H1 2024 provides detailed insights into DDoS attack data, showing changes in attack patterns and the broader cyber threat landscape. Here we share a selection of insights from the full report.
Key findings
The number of DDoS attacks increased by 46% in the first half of 2024 compared to the same period last year, reaching 445,000 in the second quarter of 2024. Compared to the data for the previous six months (Q3-4 2023), this is an increase of 34%.
Peak attack power increased slightly: the strongest attack in the first half of 2024 reached 1.7 Tbps. For comparison, in 2023 it was 1.6 Tbps. Although there was only an increase of 0.1 Tbps within a year, this still indicates an increase in power that poses a significant threat.
To put that into perspective, one terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-definition video streams transmitted simultaneously. Considering that even a 300 Gbps attack can render an unprotected server inaccessible and cause it to lose its reputation, loyalty, and customers, any The increase within Tbps capacity is significant.
Most frequently attacked industries
The gaming and gambling industry remains the most affected, accounting for 49% of all attacks. The intensity of competition and the high financial stakes involved in online gaming make this sector particularly vulnerable.
The technology industry saw a significant increase in attacks, doubling to 15% of all incidents. Technology providers host critical services such as servers, storage and network resources, so disruptions in many other industries are particularly severe. Financial services, telecommunications and e-commerce follow with 12%, 10% and 7% of attacks respectively.
Network vs. application layer attacks
Network layer attacks (L3-4) have particularly impacted the gaming, technology and telecommunications industries, as their real-time data services are critical. Application layer attacks (L7) have significantly impacted industries such as financial services, e-commerce and media, disrupting transaction processing and content delivery.
In the Network layerGaming and gambling industries are most affected due to their real-time interaction requirements and high user engagement, making them prime targets. For technology providers, the wide-ranging impact of attacks can disrupt multiple client services simultaneously and cause extensive service disruptions. Telecommunications companies that support the connectivity and communications framework can experience widespread service disruptions during attacks, affecting countless users and businesses.
Application layer attacks (L7) pose a particular risk to the financial sector due to the severe consequences associated with downtime and regulatory penalties. The e-commerce and media and entertainment sectors, which rely heavily on continuous customer engagement and seamless content delivery respectively, face significant challenges in maintaining service stability during such attacks.
Attack origins and types
To identify the origins of application-layer attacks, IP addresses must be associated with specific countries, which provides actionable information for defense strategies. In contrast, network-layer attacks often involve IP spoofing, making origin tracking difficult. Common attack vectors include UDP floods for network-layer attacks and HTTP floods for application-layer attacks that target vulnerabilities in communication protocols.
Attack duration
Most DDoS attacks are short, typically lasting less than 10 minutes, but their frequency and intensity can cause significant disruption. However, the longest attack in the first half of 2024 lasted 16 hours, highlighting the need for robust and responsive defense strategies.
Personalized attacks
Attackers are increasingly personalizing their methods and targeting specific industries. This trend toward more sophisticated attacks requires advanced, tailored defenses and underscores the importance of international cooperation in cyber defense. Personalized attacks in the gaming industry often aim to compromise specific servers and force users to switch to competitors, while in the financial services sector the goal is often to cause maximum disruption through ransomware for immediate financial gain.
The varying length of attacks suggests that perpetrators are using increasingly sophisticated tactics, adapting their methods to their targets’ vulnerabilities and priorities. In the gaming industry, for example, attacks are generally short-lived and less impactful, but occur more frequently. This tactic aims to continually disrupt a specific server, degrading the gaming experience, in the hope of encouraging players to switch to competing servers. In contrast, attacks in the financial services and telecom sectors – where service disruptions carry incredibly high risks and the impact on revenue is more immediate – tend to be more intense and vary considerably in duration.
Diploma
DDoS attacks continue to be a critical problem worldwide and require global cooperation and information sharing to respond quickly and minimize the impact of such attacks.
The ever-evolving nature of DDoS attacks with increasing complexity and precision requires a vigilant and proactive defense posture. With over 145 Tbps of network capacity, coverage across six continents, and a global network that constantly learns from its millions of Internet objects, Gcore DDoS Protection provides comprehensive protection measures, ensuring business continuity and robust security across various industries vulnerable to these cyber threats.
Get the full Gcore Radar report for even more insights.
