16.3 C
Sunday, May 26, 2024

DDoS Attacks Surge in Q1 2024, Cloudflare Mitigates 4.5 Million Attacks

Must read

Cloudflare’s DDoS threat report reveals a 50% YoY increase in DDoS attacks, with DNS attacks surging 80%. The Gaming and Gambling industry was the most targeted globally, while the US saw the most attacks originating from and directed at it.

Cloudflare, Inc., the security, performance, and reliability company helping to build a better Internet, has announced its 2024 Q1 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network, which is one of the largest in the world. 

Key findings

  • 2024 started with a bang. Cloudflare’s defense systems automatically mitigated 4.5 million DDoS attacks during the first quarter – representing a 50% year-over-year (YoY) increase.
  • DNS-based DDoS attacks increased by 80% YoY and remained the most prominent attack vector.
  • DDoS attacks on Sweden surged by 466% after its acceptance to the NATO alliance, mirroring the pattern observed during Finland’s NATO accession in 2023.

Starting 2024 with a bang

The first quarter of 2024 is just wrapped up, and already, Cloudflare’s automated defenses have mitigated 4.5 million DDoS attacks – equivalent to 32% of all the DDoS attacks the company mitigated in 2023. Breaking it down to attack types, HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ). Network-layer DDoS attacks, also known as L3/4 DDoS attacks, increased by 28% YoY and 5% QoQ.

DNS attacks surge by 80%

DNS-based DDoS attacks have become the most prominent attack vector and its share among all network-layer attacks continues to grow. In the first quarter of 2024, the share of DNS-based DDoS attacks increased by 80% YoY, growing to approximately 54%.

Despite the surge in DNS attacks and due to the overall increase in all types of DDoS attacks, the share of each attack type, remarkably, remains the same as seen in our previous report for the final quarter of 2023. HTTP DDoS attacks remain at 37% of all DDoS attacks, DNS DDoS attacks at 33%, and the remaining 30% is left for all other types of L3/4 attacks, such as SYN Flood and UDP Floods.

When analyzing the most common attack vectors, Cloudflare also checks for the attack vectors that experienced the largest growth but didn’t necessarily make it into the top ten list. Among the top growing attack vectors (emerging threats), Jenkins Flood experienced the largest growth of over 826% QoQ. Jenkins Flood is a DDoS attack that exploits vulnerabilities in the Jenkins automation server, specifically through UDP multicast/broadcast and DNS multicast services.

Another attack vector worth discussing is the HTTP/2 Continuation Flood. This vector is made possible by a vulnerability discovered and reported publicly by researcher Bartek Nowotarski on April 3, 2024.

Top attacked industries

In the first quarter of 2024, the top attacked industry by HTTP DDoS attacks in North America was Marketing and Advertising. The Information Technology and Internet industry was the most attacked in Africa and Europe. In the Middle East, the most attacked industry was Computer Software. In Asia, the most attacked industry was Gaming and Gambling. In South America, it was the Banking, Financial Services, and Insurance (BFSI) industry. Last but not least, in Oceania, the telecommunications industry was present.

Globally, the gaming and gambling industry was the number one target of HTTP DDoS attacks. Over seven of every 100 DDoS requests that Cloudflare mitigated were aimed at the Gaming and Gambling industry. In second place is the Information Technology and Internet industry, and in third, Marketing and Advertising.

Largest sources of DDoS attacks

When analyzing the sources of HTTP DDoS attacks, Cloudflare looks at the source IP address to determine the origination location of those attacks.

In Q1 2024, the United States was the largest source of HTTP DDoS attack traffic, as a fifth of all DDoS attack requests originated from US IP addresses. China came in second, followed by Germany, Indonesia, Brazil, Russia, Iran, Singapore, India, and Argentina.

Also Read: Why Identity Security Should Be the Foundation of Modern Cybersecurity

Most attacked locations

When analyzing DDoS attacks against our customers, Cloudflare uses their billing country to determine the “attacked country (or region)”. In the first quarter of 2024, the US was the most attacked by HTTP DDoS attacks. One out of every 10 DDoS requests that Cloudflare mitigated targeted the US. Second, China, followed by Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany.

Commenting on the report, Bashar Bashaireh, Managing Director & Head of Sales – Middle East and Türkiye at Cloudflare, “Cloudflare’s mission is to help build a better Internet, a vision where it remains secure, performant, and accessible to everyone. The challenge is substantial, with four out of every 10 HTTP DDoS attacks lasting over 10 minutes and approximately three out of 10 extending beyond an hour. Yet, whether an attack involves over 100,000 requests per second, as in one out of every ten attacks, or even exceeds a million requests per second – a rarity seen in only four out of every 1,000 attacks – Cloudflare’s defenses remain impenetrable.” 

More articles

Latest news