1

Surge in DDoS Attacks: Gcore Report Reveals 46% Increase in First Half of 2024

Désolé, cet article est seulement disponible en en, ru et ua.

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report.

 

Key Takeaways

 

The number of DDoS attacks in H1 2024 increased by 46% compared to the same period last year, reaching 445K in Q2 2024. Compared to data for the previous six months (Q3–4 2023), it increased by 34%.

 

 

Peak attack power increased slightly: The most powerful attack in H1 2024 reached 1.7 Tbps. By comparison, in 2023, it was 1.6 Tbps. Although there has only been an increase of 0.1 Tbps in a year, this still indicates a gain in power that poses a significant danger.

 

To put this into perspective, a terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-definition video streams being transmitted simultaneously. Considering that even a 300 Gbps attack can make an unprotected server unavailable and cause it to lose reputation, loyalty, and customers, any increase within the Tbps capacity is significant.

 

Most-Attacked Industries

 

The gaming and gambling industry remains the most affected, accounting for 49% of attacks. This sector is particularly vulnerable due to its competitive nature and the high financial stakes involved in online gaming.

 

 

The technology industry experienced a significant uptick in attacks, doubling 15% of total incidents. Technology providers host essential services including servers, storage, and networking resources, making disruptions particularly impactful across numerous other industries. Financial services, telecom, and e-commerce follow, with 12%, 10%, and 7% of the attacks, respectively.

 

Network vs. Application Layer Attacks

 

Network-layer attacks (L3–4) have predominantly impacted the gaming, technology, and telecom industries due to the critical nature of their real-time data services. Application-layer attacks (L7) have significantly affected sectors, such as financial services, e-commerce, and media, disrupting transaction processing and content delivery.

 

In the network layer, the gaming and gambling sectors face the brunt due to their real-time interaction requirements and high user engagement, which make them prime targets. For technology providers, the broad impact of attacks can disrupt multiple client services simultaneously, causing extensive operational interruptions. Telecom companies, which underpin the connectivity and communication framework, can experience widespread service disruptions during attacks, affecting countless users and businesses.

 

 

Application layer (L7) attacks are a particular risk for the financial sector due to the severe repercussions, associated with downtime and regulatory penalties. E-commerce and the media and entertainment sectors, which rely heavily on continuous customer engagement and seamless content delivery respectively, face significant challenges in maintaining service stability during such attacks.

 

 

Attack Origins and Types

 

 

Identifying the origins of application-layer attacks involves tracing IP addresses to specific countries, providing actionable intelligence for defensive strategies. In contrast, network-layer attacks often involve IP spoofing, complicating origin tracking. Common attack methods include UDP floods for network-layer attacks and HTTP floods for application-layer attacks, targeting vulnerabilities in communication protocols.

 

 

 

Attack Duration

 

Most DDoS attacks are brief, typically lasting under 10 minutes, but their frequency and intensity can cause substantial operational disruptions. However, the longest attack in H1 2024 lasted 16 hours, highlighting the need for robust and responsive mitigation strategies.

 

 

 

Personalized Attacks

 

Attackers are increasingly personalizing their methods, targeting specific industries. This trend towards more sophisticated attacks requires advanced, tailored defensive measures and underscores the importance of international cooperation in cyber defense. Personalized attacks in the gaming industry often aim to degrade specific servers, compelling users to switch to rivals, while in financial services, often the goal is to cause maximum disruption for immediate financial gain through ransomware.

 

The variability in the duration of attacks indicates that the perpetrators are adopting more sophisticated tactics, customizing their methods to align with the vulnerabilities and priorities of their targets. In the gaming industry, for instance, attacks are generally short-lived and less powerful but occur with greater frequency. This tactic aims to continually disturb a particular server, thereby degrading the gaming experience in hopes of compelling players to migrate to rival servers. In contrast, for the financial services and telecommunications sectors—where service disruptions have incredibly high stakes and revenue repercussions are more immediate—attacks tend to be more intense in volume and vary significantly in length.

 

Conclusion

 

The issue of DDoS attacks persists as a critical worldwide concern, calling for global collaboration and the exchange of intelligence to act swiftly and minimize the impact of these kinds of attacks.

 

Source: The Hacker News

 

Related Posts

card__image

Cyberattacks on Critical Infrastructure: The Digital Battlefield

Désolé, cet article est seulement disponible en en et ua. Cyber threats are escalating in critical sectors like energy and healthcare. Recent warnings from CISA, NSA, and FBI highlight vulnerabilities exploited by Chinese-linked operations.   In today’s world, it’s hard to miss the constant buzz about cyber threats, especially when they hit critical infrastructure and […]