Distributed denial of service (DDoS) attacks are a foul witches’ brew. They flood a company’s servers and cause them to shut down. This not only disrupts business operations but can also cause companies to lose customers and suffer reputational damage.
In this blog post, I’ll share a handful of insights about the troubling state of DDoS attacks, plus one somewhat humorous insight you can use to amuse techie friends at your next mocktail party (or wherever you and your techie friends gather).
Let’s visit the dark side:
DDoS attacks keep growing in quantity
Since the first recorded DDoS attack against internet service provider Panix (you remember Panix, right?) in September 1996, the number of attacks has consistently increased quarter after quarter, year after year.
In Q4 2023, the cybersecurity company Gcore identified approximately 320,000 DDoS attacks; in Q4 2024, a mere year later, the number had grown to 512,000. That’s an increase of 56%.
DDoS assaults keep getting more intense
Not only has the volume of DDoS assaults grown, but so has their size. According to Gcore, the most significant attack in 2021 was 0.3 Tbps. Three years later, it was six-and-a-half times larger: 2 Tbps. These terabit-level attacks can cripple the performance of networks, applications, and digital services.
DDoS onslaughts are shorter in duration but still deliver a hefty punch
While the number and volume of attacks have grown significantly, the DDoS attacks are increasingly shorter in duration. Nine in 10 (92%) of attacks last under 10 minutes, and only 3% last over an hour, according to Gcore. Attackers have shifted to shorter, more intense assaults in part because these abrupt knockout punches can easily blend in with normal traffic spikes.
That said, DDoS attacks can also cause sustained pain: The longest attack in Q3-Q4 2024 lasted five hours, according to Gcore. However, this falls far short of the previous quarter’s longest attack, which lasted 16 hours.
DDoS targets have broadened
Traditionally, gaming has been the most targeted industry, and this remains true. Nearly 35% of DDoS attacks were aimed at gaming companies. However, financial services (26%) and technology (19%) companies are also top targets, according to Gcore.
Technology companies have drawn the unwanted attention of DDoS attackers because many organizations rely on them for their performance. Taking them down enables attackers to achieve their goal of operational disruption.
A new year, a new emerging method
Network-layer attacks continue to be the primary method of DDoS assaults, accounting for 72% of attacks in Q3-Q4 2024, as opposed to application-layer attacks (28%). UDP (60%) flood attacks are the chief method among network-layer attacks, but SYN (15%) and TCP (12%) flood attacks remain popular. One new development: ACK (7%) flood attacks, which mimic legitimate traffic, are emerging as a noticeable attack vector.
With application-layer attacks, UDP (51%) and TCP (40%) flood attacks are the chief methods of overwhelming application resources.
The vast majority of network-layer (85%) and application-layer (92%) attacks last under 10 minutes.
Finally, a somewhat funny insight about DDoS attacks…
One in 10 (11%) DDoS attacks is self-inflicted, largely because organizations hamper themselves with code issues, network misconfigurations, or problems with application logic, causing them to overwhelm their own servers with an unholy amount of traffic.
Remember to mention that little tidbit at your next mocktail party.
