Monitoring changing DDoS trends is essential for anticipating threats and adapting defensive strategies. The full Gcore Radar report for the first half of 2024 provides detailed information on DDoS attack data, showing changes in attack patterns and the broader cyber threat landscape. Here we share a selection of findings from the full report.
Key conclusions
The number of DDoS attacks in the first half of 2024 increased by 46% compared to the same period last year and reached 445 thousand in the second quarter of 2024. Compared to data for the previous six months (3-4 quarters of 2023), it increased by 34%.
The peak attack power increased slightly, with the most powerful attack in the first half of 2024 reaching 1.7 Tbps. For comparison, in 2023 it was 1.6 Tbit/s. An annual increase of only 0.1 Tbps, this is still an increase in capacity that poses a significant risk.
To put this in perspective, a terabit per second (Tbps) is a massive amount of data flooding the network, equivalent to more than 212,000 high-definition video streams being transmitted simultaneously. Given that even a 300 Gbps attack can render an unprotected server unreachable and result in loss of reputation, loyalty and customers, any the increase in Tbps capacity is significant.
Industries most under attack
The gaming and gambling industry remains the most affected, accounting for 49% of the total number of attacks. This sector is particularly vulnerable due to its competitive nature and the high financial stakes associated with online gaming.
The technology industry experienced a significant surge in attacks, doubling to 15% of total incidents. Technology providers host essential services, including servers, storage, and network resources, making outages especially important in many other areas. Financial services, telecommunications and e-commerce followed with 12%, 10% and 7% of attacks respectively.
Attacks on the network against the application layer
Network layer (L3–4) attacks mainly affected the gaming, technology and telecommunications industries due to the critical nature of their real-time data services. Application layer (L7) attacks have significantly impacted sectors such as financial services, e-commerce and media, disrupting transaction processing and content delivery.
In Art network layerthe gaming and gambling sectors face the brunt due to their real-time interaction requirements and high user engagement, making them prime targets. For technology providers, the widespread impact of attacks can disrupt multiple customer services at the same time, causing widespread business interruptions. Telecommunications companies, which are at the heart of connectivity and communication, can experience widespread service disruptions during attacks, affecting countless users and businesses.
Application layer (L7) attacks. pose a particular risk to the financial sector due to the serious consequences associated with downtime and regulatory fines. The e-commerce, media, and entertainment sectors, which rely heavily on seamless customer interactions and seamless content delivery, respectively, face significant challenges in maintaining service stability during such attacks.
Origin and types of attacks
Determining the origin of attacks at the applied level involves tracking IP addresses in specific countries, providing actionable information for defensive strategies. In contrast, network-level attacks often involve IP spoofing, making it difficult to trace origins. Common attack techniques include UDP flooding for network-layer attacks and HTTP flooding for application-layer attacks that target vulnerabilities in communication protocols.
Duration of the attack
Most DDoS attacks are short-lived, usually lasting less than 10 minutes, but their frequency and intensity can cause significant disruption. However, the longest attack in the first half of 2024 lasted 16 hours, highlighting the need for robust and responsive mitigation strategies.
Personalized attacks
Attackers are increasingly personalizing their methods by targeting specific industries. This trend toward more sophisticated attacks requires advanced, tailored defenses and underscores the importance of international cooperation in cyber defense. Personalized attacks in the gaming industry often aim to degrade the quality of specific servers, forcing users to switch to competitors, while in financial services the goal is often to cause maximum disruption for immediate financial gain through ransomware.
The variability in the duration of attacks indicates that criminals are using more sophisticated tactics, adjusting their methods according to the vulnerabilities and priorities of their targets. In the gaming industry, for example, attacks are usually short-lived and less powerful, but occur more frequently. This tactic aims to constantly harass a certain server, thereby degrading the gaming experience in the hopes of forcing players to switch to competing servers. In contrast, for the financial services and telecommunications sectors – where service failures have incredibly high stakes and the impact on revenues is more immediate – attacks tend to be more intense in scope and vary significantly in duration.
Conclusion
The problem of DDoS attacks continues to be a significant problem worldwide, requiring global cooperation and intelligence sharing to act quickly and minimize the impact of these types of attacks.
The evolving nature of DDoS attacks with increasing sophistication and precision requires a vigilant and proactive defensive stance. With a network bandwidth of 145+ Tbps, coverage on six continents and a global network that is constantly learning from its millions of Internet properties, Gcore DDoS Protection provides comprehensive protection, ensuring business continuity and robust security across industries vulnerable to these cyber threats.
Get the full Gcore Radar report for even greater understanding.
