Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.
The number of DDoS attacks in H1 2024 has increased by 46% compared to the same period last year, reaching 445K in Q2 2024. Compared to data for the previous six months (Q3–4 2023), it increased by 34%.
Peak attack power increased slightly: The most powerful attack in H1 2024 reached 1.7 Tbps. By comparison, in 2023, it was 1.6 Tbps. Although there has only been an increase of 0.1 Tbps in a year, this still indicates a gain in power that poses a significant danger.
To put this into perspective, a terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-definition video streams being transmitted simultaneously. Considering that even a 300 Gbps attack can make an unprotected server unavailable and cause it to lose reputation, loyalty, and customers, any increase within the Tbps capacity is significant.
The gaming and gambling industry remains the most affected, accounting for 49% of the total attacks. This sector is particularly vulnerable due to its competitive nature and the high financial stakes involved in online gaming.
The technology industry experienced a significant uptick in attacks, doubling to 15% of total incidents. Technology providers host essential services including servers, storage, and networking resources, making disruptions particularly impactful across numerous other industries. Financial services, telecom, and e-commerce follow, with 12%, 10%, and 7% of the attacks, respectively.
Network-layer attacks (L3–4) have predominantly impacted the gaming, technology, and telecom industries due to the critical nature of their real-time data services. Application-layer attacks (L7) have significantly affected sectors such as financial services, e-commerce, and media, disrupting transaction processing and content delivery.
In the network layer, the gaming and gambling sectors face the brunt due to their real-time interaction requirements and high user engagement, which make them prime targets. For technology providers, the broad impact of attacks can disrupt multiple client services simultaneously, causing extensive operational interruptions. Telecom companies, which underpin the connectivity and communication framework, can experience widespread service disruptions during attacks, affecting countless users and businesses.
Application layer (L7) attacks are a particular risk for the financial sector due to the severe repercussions associated with downtime and regulatory penalties. E-commerce and the media and entertainment sectors, which rely heavily on continuous customer engagement and seamless content delivery respectively, face significant challenges in maintaining service stability during such attacks.
Identifying the origins of application-layer attacks involves tracing IP addresses to specific countries, providing actionable intelligence for defensive strategies. In contrast, network-layer attacks often involve IP spoofing, complicating origin tracking. Common attack methods include UDP floods for network-layer attacks and HTTP floods for application-layer attacks, targeting vulnerabilities in communication protocols.
Most DDoS attacks are brief, typically lasting under 10 minutes, but their frequency and intensity can cause substantial operational disruptions. However, the longest attack in H1 2024 lasted 16 hours, highlighting the need for robust and responsive mitigation strategies.
Attackers are increasingly personalizing their methods, targeting specific industries. This trend towards more sophisticated attacks requires advanced, tailored defensive measures and underscores the importance of international cooperation in cyber defense. Personalized attacks in the gaming industry often aim to degrade specific servers, compelling users to switch to rivals, while in financial services, the goal is often to cause maximum disruption for immediate financial gain through ransomware.
The variability in the duration of attacks indicates that the perpetrators are adopting more sophisticated tactics, customizing their methods to align with the vulnerabilities and priorities of their targets. In the gaming industry, for instance, attacks are generally short-lived and less powerful but occur with greater frequency. This tactic aims to continually disturb a particular server, thereby degrading the gaming experience in hopes of compelling players to migrate to rival servers. In contrast, for the financial services and telecommunications sectors—where service disruptions have incredibly high stakes and revenue repercussions are more immediate—attacks tend to be more intense in volume and vary significantly in length.
The issue of DDoS attacks persists as a critical worldwide concern, calling for global collaboration and the exchange of intelligence to act swiftly and minimize the impact of these kinds of attacks.
The evolving nature of DDoS attacks, with increasing complexity and precision, necessitates a vigilant and proactive defensive posture. With 145+ Tbps of network capacity, coverage across six continents, and a global network constantly learning from its millions of internet properties, Gcore DDoS Protection provides comprehensive safeguards, ensuring business continuity and robust security across various industries vulnerable to these cyber threats.
Get the full Gcore Radar report for even more insights.