Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS mitigation as attacks become more precise and frequent. Let’s dive into the numbers.
Here are the four key takeaways from Gcore Radar:
The report highlights a sustained increase in attack frequency. Compared to Q3–Q4 2023, DDoS attacks have risen by 56%, underscoring the long-term growth trend.
Gcore identifies several technological and environmental factors that are likely contributing to the rising number of attacks:
The largest recorded attack in Q3–Q4 2024 hit 2 Tbps, targeting a major global gaming company. This represents an 18% increase from the previous peak of 1.7 Tbps in Q1–Q2 2024.
While large-scale attacks like these are often mitigated quickly, their destructive potential continues to grow. Terabit-level attacks can cause widespread service outages and financial losses, particularly for businesses reliant on real-time operations.
Gaming remains the most-attacked sector, though its share of total attacks dropped from 49% in Q3–Q4 2023 to 34%. Possible explanations include:
Also notable is the uptick in attacks on financial services, rising from 12% to 26% of total incidents. The sector’s heavy regulation, critical online services, and susceptibility to ransom-based attacks make it a prime target.
The full Gcore Radar report shares industry data for media and entertainment, retail, telecommunications, technology, and other industries.
The distribution of DDoS attacks across the network and application layers during H2 2024 highlights a greater prevalence of network-layer attacks.
At the network layer, UDP flood attacks remain the most common method, accounting for 60% of all network-layer attacks. However, ACK flood attacks are on the rise, now making up 7% of total attacks. These attacks mimic legitimate traffic, making mitigation more challenging.
At the application layer, L7 UDP flood attacks accounted for 45%, while L7 TCP flood attacks rose to 37%. Gcore notes that the latter is gaining traction due to its ability to evade traditional filtering mechanisms.
One of the most notable shifts is the decrease in attack duration. The longest recorded attack in Q3–Q4 2024 lasted just five hours, compared to 16 hours in the previous period.
Shorter, high-intensity burst attacks are becoming more common. These attacks:
Geopolitical tensions and economic rivalries continue to shape the DDoS landscape, with politically motivated attacks targeting financial services, critical infrastructure, and high-value enterprises. Meanwhile, regions with dense internet infrastructure—such as the Netherlands, the US, and China—serve as both launch points and battlegrounds for cybercriminal groups leveraging botnets, proxy networks, and DDoS-for-hire services.
The report identifies key regions contributing to DDoS attack traffic:
Download the full report for application-layer attack geographic data.
Gcore DDoS Protection leverages 200+ Tbps filtering capacity across six continents to neutralize attacks in real time. As DDoS threats evolve, organizations must adopt proactive defense strategies to safeguard their digital assets.
Note: This article is expertly written and contributed by Andrey Slastenov, Head of Security at Gcore.
