The Gcore Radar report, released on August 14, 2024, by Gcore—a global provider of edge AI, cloud, network, and security solutions—provides a comprehensive analysis of Distributed Denial of Service (DDoS) attack trends for the first half of 2024. This report reveals a significant surge in the number and intensity of DDoS attacks, offering critical insights into the industries affected and the methodologies employed.
One of the key revelations is a 46% increase in the number of DDoS attacks compared to the same period in 2023, with the total reaching 830,000 in the first half of 2024. More striking is the power of these attacks, which is now measured in terabits per second (Tbps) rather than gigabits per second. The peak attack power rose slightly from 1.6 Tbps in 2023 to 1.7 Tbps in early 2024, illustrating how the scale and severity of these attacks have intensified.
Rise in Attack Frequency and Power
Throughout the report, a common theme is the increase in both the frequency and power of DDoS attacks, with UDP floods being the dominant attack method, constituting 61% of all attacks. Following UDP floods, TCP and SYN floods are the next most common attack vectors, making up 18% and 11% of the total, respectively. These figures indicate that while attack methods are diversifying, certain types remain predominant.
Targeted Sectors
The sectors most targeted by these attacks were gaming, technology, financial services, and telecommunications. Gaming was the hardest hit, accounting for nearly half (49%) of all attacks; the report notes a significant rise of 3% in gaming-related attacks compared to the latter half of 2023. Attacks on the technology sector more than doubled, and the sector now accounts for 15% of total attacks. This sector’s increased vulnerability is attributed to its role in hosting critical infrastructure.
Among the industries impacted by network-layer attacks, technology faced 31% of attacks, followed by telecommunications at 14%. For application-layer attacks, the financial services sector was highly targeted, receiving 41% of all such attacks. E-commerce, emerging from the ‘Other’ category, experienced 28% of application-layer attacks, indicating a growing focus on this sector as well.
Geographic Origins of Attacks
The geographic origin of these attacks also sheds light on global cyber threat patterns. Network-layer attacks primarily originated from the US, followed by Germany, the Netherlands, and Singapore. Application-layer attacks also shared common origins, reinforcing the global scope of these threats.
Growing Sophistication and Brevity
A critical observation from the report is the growing sophistication and brevity of these attacks. Most attacks lasted less than ten minutes, yet their potency was strong enough to disrupt services significantly and damage brand reputation. The longest attack recorded lasted for 16 hours, showing that while duration varies, the impact remains substantial.
Expert Insights and Recommendations
Andrey Slastenov, Head of Security at Gcore, emphasized the need for robust DDoS detection, mitigation, and protection strategies to counter these growing threats. His insights underline the importance of understanding why particular industries are targeted and tailoring defenses accordingly.
Conclusion
A significant finding from the report is the increasing sophistication and brevity of DDoS attacks, which have become highly effective at causing disruption and harm. Most attacks lasted less than ten minutes, yet they still caused considerable service disruption and significant damage to brand reputation. The longest attack persisted for 16 hours, which shows that while duration varies greatly, the impact remains consistently severe. The shift towards shorter but more effective attacks is a troubling trend: organizations are forced to reconsider their security measures, because even brief attacks can have lasting consequences. The capability to manage and mitigate these swift, sophisticated attacks is more crucial than ever. Companies must invest in advanced security protocols and continuous monitoring to protect against these quick yet highly damaging threats. Adapting to this evolving risk landscape is imperative for maintaining service integrity and safeguarding brand reputation.