Monitoring evolving DDoS trends is essential to anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for H1 2024 provides detailed insights into DDoS attack data, revealing changes in attack patterns and the broader threat landscape. Here, we share a selection of findings from the full report.

Key Points

The number of DDoS attacks in H1 2024 increased by 46% year-on-year, reaching 445,000 in Q2 2024. Compared to data from the previous six months (Q3-4 2023), the number increased by 34%.

Peak attack power increased slightly, with the strongest attack in H1 2024 reaching 1.7 Tbps. For comparison, in 2023 it was 1.6 Tbps. While this is only an increase of 0.1 Tbps in a year, it still represents an increase in power that poses a significant threat.

To put this into perspective, a terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-definition video streams being sent simultaneously. When you consider that even a 300 Gbps attack can render an unprotected server unavailable and cause it to lose reputation, loyalty, and customers, each The increase in Tbps capacity is significant.

Most attacked industries

The gaming and gambling industry continues to be the hardest hit, accounting for 49% of all attacks. This sector is particularly vulnerable due to the competitive nature and high financial stakes of online gaming.

The technology sector has seen a significant increase in attacks, doubling to 15% of total incidents. Technology providers host essential services including servers, storage and network resources, meaning disruptions are particularly impactful across many other sectors. Financial services, telecoms and e-commerce follow with 12%, 10% and 7% of attacks respectively.

Network vs. Application Layer Attacks

Network layer (L3-4) attacks have primarily affected the gaming, technology, and telecom industries due to the critical nature of their real-time data services. Application layer (L7) attacks have significantly impacted industries such as financial services, e-commerce, and media, disrupting transaction processing and content delivery.

In the network layerGaming and gambling sectors are the most affected due to their real-time interaction requirements and high user engagement, making them prime targets. For technology providers, the broad impact of attacks can disrupt multiple client services simultaneously, leading to extensive operational disruptions. Telecom companies, which support the connectivity and communications framework, can experience widespread service disruptions during attacks, affecting numerous users and businesses.

Application Layer (L7) Attacks pose a particular risk to the financial sector due to the severe consequences of downtime and regulatory sanctions. E-commerce and the media and entertainment sectors, which rely heavily on continuous customer engagement and seamless content delivery, face significant challenges in maintaining service stability during such attacks.

Attack Origins and Types

Identifying the origin of application-layer attacks involves tracing IP addresses to specific countries, which provides useful information for defensive strategies. Network-layer attacks, on the other hand, often involve IP spoofing, which complicates origin tracing. Common attack methods include UDP floods for network-layer attacks and HTTP floods for application-layer attacks, targeting vulnerabilities in communication protocols.

Attack duration

Most DDoS attacks are short, typically lasting less than 10 minutes, but their frequency and intensity can cause significant operational disruption. However, the longest attack in H1 2024 lasted 16 hours, highlighting the need for robust and responsive mitigation strategies.

Personalized attacks

Attackers are increasingly personalizing their methods and targeting specific industries. This trend toward more sophisticated attacks requires advanced, tailored defenses and underscores the importance of international cooperation in cyber defense. Personalized attacks in the gaming industry often focus on degrading specific servers, forcing users to migrate to rivals, while in financial services the goal is often to cause maximum disruption for immediate financial gain through ransomware.

The variability in attack durations indicates that attackers are using more sophisticated tactics and adapting their methods to the vulnerabilities and priorities of their targets. For example, in the gaming industry, attacks are generally short-lived and less powerful, but more frequent. This tactic aims to persistently disrupt a particular server, degrading the gaming experience in the hope that players will migrate to rival servers. In contrast, attacks in the financial services and telecommunications industries, where service disruptions are incredibly high stakes and the impact on revenues is more immediate, tend to be more intense in volume and vary considerably in duration.

Conclusion

DDoS attacks continue to be a major global problem. Global cooperation and intelligence sharing is needed to act quickly and minimize the impact of these types of attacks.

The evolving nature of DDoS attacks, with increasing sophistication and precision, requires a vigilant and proactive defense posture. With 145+ Tbps of network capacity, coverage across six continents, and a global network that continuously learns from its millions of internet properties, Gcore DDoS Protection provides comprehensive safeguards, ensuring business continuity and robust security across multiple industries vulnerable to these cyber threats.

Check out the full Gcore Radar report for even more insights.