Cloudflare: Huge Increase In Hypervolumetric DDoS Attacks

Cloudflare has released its report on global DDoS attacks in Q3 2024.
The number of DDoS attacks spiked in the third quarter of 2024. Cloudflare mitigated nearly 6 million DDoS attacks, representing a 49% increase QoQ and 55% increase YoY.
Out of those 6 million, Cloudflare’s autonomous DDoS defense systems detected and mitigated over 200 hyper-volumetric DDoS attacks exceeding rates of 3 terabits per second (Tbps) and 2 billion packets per second (Bpps). The largest attack peaked at 4.2 Tbps and lasted just a minute.
The Banking & Financial Services industry was subjected to the most DDoS attacks. China was the country most targeted by DDoS attacks, and Indonesia was the largest source of DDoS attacks.
Hypervolumetric DDoS attacks
In the first half of 2024, Cloudflare’s autonomous DDoS defense systems automatically detected and mitigated 8.5 million DDoS attacks: 4.5 million in Q1 and 4 million in Q2. In Q3, Cloudflare’s systems mitigated nearly 6 million DDoS attacks, bringing the total to 14.5 million DDoS attacks year-to-date. That’s an average of around 2,200 DDoS attacks every hour.
Of those attacks, Cloudflare mitigated over 200 hyper-volumetric network-layer DDoS attacks that exceeded 1 Tbps or 1 Bpps. The largest attacks peaked at 3.8 Tbps and 2.2 Bpps.
During the Q3 reporting period, Cloudflare’s systems autonomously detected and mitigated a 4.2 Tbps DDoS attack on October 21 that lasted approximately one minute.
Types And Characteristics of DDoS Attacks
Of the 6 million DDoS attacks, half were HTTP (application layer) DDoS attacks and half were network layer DDoS attacks. Network layer DDoS attacks increased by 51% QoQ and 45% YoY, and HTTP DDoS attacks increased by 61% QoQ and 68% YoY.
90% of DDoS attacks, including the largest attacks, were very short-lived. However, Cloudflare saw a slight increase (7%) in attacks lasting longer than an hour. These longer attacks accounted for 3% of all attacks.
Of the network-layer DDoS attacks, SYN flood was the top attack vector, followed by DNS flood attacks, UDP floods, SSDP reflection attacks, and ICMP reflection attacks.
On the application layer, 72% of HTTP DDoS attacks were launched by known botnets and automatically mitigated by Cloudflare’s proprietary heuristics. The fact that 72% of DDoS attacks were mitigated by Cloudflare’s home-grown heuristics showcases the advantages of operating a large network. The volume of traffic and attacks that Cloudflare sees lets it craft, test, and deploy robust defenses against botnets.
Another 13% of HTTP DDoS attacks were mitigated due to their suspicious or unusual HTTP attributes, and another 9% were HTTP DDoS attacks launched by fake browsers or browser impersonators. The remaining 6% of “Other” includes attacks that targeted login endpoints and cache busting attacks.
One thing to note is that these attack vectors, or attack groups, are not necessarily exclusive. For example, known botnets also impersonate browsers and have suspicious HTTP attributes, but this breakdown is Cloudflare’s attempt to categorize the HTTP DDoS attacks in a meaningful way.
Top attacked locations
China was the most attacked location in the third quarter of 2024. The United Arab Emirates was ranked second, with Hong Kong in third place, followed closely by Singapore, Germany, and Brazil.
Canada was ranked seventh, followed by South Korea, the United States, and Taiwan as number ten.
Top attacked industries
In the third quarter of 2024, Banking & Financial Services was the most targeted by DDoS attacks. Information Technology & Services was ranked in second place, followed by the Telecommunications, Service Providers, and Carriers sector.
Cryptocurrency, Internet, Gambling & Casinos, and Gaming followed closely behind as the next most targeted industries. Consumer Electronics, Construction & Civil Engineering, and the Retail industries rounded out the top ten most attacked industries.
Key takeaways
This quarter, Cloudflare observed an unprecedented surge in hyper-volumetric DDoS attacks, with peaks reaching 3.8 Tbps and 2.2 Bpps.
This mirrors a similar trend from the same period last year, when application layer attacks in the HTTP/2 Rapid Reset campaign exceeded 200 million requests per second (Mrps). These massive attacks are capable of overwhelming Internet properties, particularly those relying on capacity-limited cloud services or on-premise solutions.
The increasing use of powerful botnets, fueled by geopolitical tensions and global events, is expanding the range of organizations at risk — many of which were not traditionally considered prime targets for DDoS attacks. Unfortunately, too many organizations reactively deploy DDoS protections after an attack has already caused significant damage.
Cloudflare’s observations confirm that businesses with well-prepared, comprehensive security strategies are far more resilient against these cyberthreats. Cloudflare is committed to safeguarding its customers’ Internet presence. Through significant investment in automated defenses and a robust portfolio of security products, Cloudflare ensures proactive protection against both current and emerging threats.
For more information, read: https://blog.cloudflare.com/ddos-threat-report-for-2024-q3/