Peak attack power hits record high as threats escalate
LUXEMBOURG, Aug. 14, 2024: Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1–Q2 2024 Gcore Radar report into DDoS attack trends. While the report reveals a sharp increase of 46% in the number of DDoS attacks compared to the same period in 2023, it is equally alarming that peak attack power measures in terabits per second. This marks a significant rise from gigabits per second a year ago, with the shift to terabits beginning in the second half of last year.
Key Highlights from Q1–Q2 2024
- The total number of attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023.
- Peak attack power rose from 1.6 Tbps in H2 2023 to 1.7 Tbps.
- UDP floods made up 61% of DDoS attacks, while TCP floods and SYN floods constituted 18% and 11% of the total respectively.
- The most-attacked business sectors were gaming (49%), technology (15%), financial services (12%) and telecommunications (10%).
- The e-commerce (7%) and media and entertainment (5%) industries emerged from the ‘Other’ category in H1 2024, indicating that they were being targeted more often than in the past.
Gcore Radar is published twice-annually and reflects the state of the DDoS attack landscape, as observed on Gcore’s network. The Q1–Q2 2024 report shows that the total number of attacks continued to rise. While the power of the attacks – first measured in terabits per second (Tbps) in the second half of last year – increased slightly from 1.6 to 1.7 Tbps, this still poses a growing threat to organisations.
Technology emerges as one of the most attacked industries
Attacks on the gaming industry in H1 2024 continued to dominate and rose by 3% over H2 2023. Gcore saw DDoS attacks being used by gamers and gaming groups as a tactic against opponents to derive competitive advantage in tournaments and matches. However, the biggest change over the previous two quarters was in the number of attacks on the technology industry, which more than doubled to 15%. The sector has become increasingly attractive for bad actors seeking to disrupt businesses that host critical infrastructure.
In terms of the industries most impacted by network-layer attacks in H1 2024, gaming sat in first position at 47%, technology came in second with 31% of the attacks, and the telecommunications sector was third most-affected with 14%. Among the industries affected by application-layer attacks, financial services were highly targeted with 41% of all attacks, likely because of the sector’s low tolerance for disruption and downtime and the monetary gains available to attackers. E-commerce was the second most-affected sector with 28% of application-layer attacks, with media and entertainment third with 13% of the total application-layer attacks.
Andrey Slastenov, Head of Security at Gcore, said: “We should not be fooled by the rise of only 0.1 terabit per second in the first half of this year, given that a mere 300 Gbps attack will take an unprotected server offline in seconds. The payload of any attack measured in terabits is immense and any rise in attack potency, no matter how small, can have serious repercussions at these levels.”
“As far as attack numbers are concerned, the rise is worrying, and industries must think about why they are being targeted so they can protect themselves. In gaming, some attacks are carried out between competitors. Others are designed to affect the monetization of the gaming industry, which is directly affected if a DDoS attack takes the gaming service offline. The same is true for technology companies whose services are seriously disrupted if servers, networks, and storage services are unavailable,” concluded Slastenov.
Origin locations of DDoS attacks
At the application layer, Gcore, which has global coverage over six continents, uses attackers’ IP addresses to determine the country of origin. However, to identify the source of network-layer attacks, the company identifies the location of the data centres where the attack packets are received.
In Q1 and Q2 of 2024, the US was the largest source of network-layer attacks. Germany was second, followed by Netherlands and Singapore.
Some of the same attack origins dominated application-layer attacks.
DDoS attack vectors
UDP floods continued to dominate at the L3–4 layers, constituting 61% of DDoS attacks. TCP and SYN floods were the next two attack vectors of choice for cyber criminals clocking up 18% and 11% of the total, respectively.
When it comes to L7 attacks, HTTP flood was by far the most popular attack method.
Short, powerful attack trends continue
The vast majority of attacks lasted under ten minutes, while the maximum attack duration recorded during H1 2024 lasted for 16 hours. The potency of even the shortest attacks, however, was strong, which would often have led users to abandon the services they were trying to access with a significant impact on the brand reputation of the provider.
“The variability in the duration and types of attacks illustrates the sophisticated tactics and customised methods that attackers are using to create the maximum possible disruption,” Andrey Slastenov commented. “What is clear from this Gcore Radar report is that attacks are not slowing down, which means a robust response in the form of DDoS detection, mitigation and protection must be a top priority to avoid disruption, downtime, and revenue loss.”
Gcore Radar offers readers an understanding of the evolving threat landscape and serves as an insight for businesses and individuals seeking to stay informed about the latest developments in cybersecurity.