The frequency and scale of distributed denial-of-service (DDoS) attacks continued to rise in 2024
DDoS Attacks Surge in 2024, Reaching Record-Breaking 5.6 Tbps Assault
The frequency and scale of distributed denial-of-service (DDoS) attacks continued to rise in 2024, with HTTP DDoS incidents surpassing Layer 3/Layer 4 attacks in the fourth quarter, according to Cloudflare’s latest report.
Cloudflare revealed on Tuesday that it blocked an average of 4,870 DDoS attacks per hour, totaling approximately 21.3 million attacks throughout 2024, a 53% increase from the 14 million attacks recorded in 2023.
The number of blocked attacks climbed significantly throughout the year, rising from 4 million in Q2 to 6 million in Q3, and reaching 6.9 million in Q4.
During the last quarter, Cloudflare mitigated 3.5 million HTTP DDoS attacks and 3.4 million Layer 3/Layer 4 attacks. The vast majority of HTTP-based incidents (73%) originated from known botnets, while others involved spoofed legitimate browsers (11%), suspicious HTTP attributes (10%), and other attack vectors (8%).
“These attack groups aren’t always distinct,” Cloudflare noted. “For example, botnets often impersonate browsers and exhibit suspicious HTTP behavior.”
Cloudflare observed that 13 of the most frequently used user agents in DDoS attacks belonged to older Chrome versions (118-129), despite Chrome already being updated to version 132.
In Q4, 92% of HTTP DDoS attacks were conducted over HTTPS, while the remaining 8% used plaintext HTTP. Regarding Layer 3/Layer 4 attacks, SYN floods (38%), DNS floods (16%), and UDP floods (14%) were the most common tactics. Notably, 6% of network layer attacks were carried out by Mirai botnets.
The most significant DDoS attack of Q4 peaked at 5.6 terabits per second (Tbps). It was a UDP-based assault launched by a Mirai-variant botnet targeting an internet service provider in Eastern Asia.
The attack, which lasted 80 seconds, originated from 13,000 unique IP addresses, each contributing approximately 1 Gbps of traffic. This event shattered the previous record-breaking attack of 3.8 Tbps observed by Cloudflare.
While 93% of network layer DDoS attacks remained under 500 Mbps, hyper-volumetric attacks surged to 420 incidents, reflecting a staggering 1,885% quarter-over-quarter increase.
For HTTP-based attacks:
-
63% did not exceed 50,000 requests per second (rps)
-
Only 3% surpassed 100 million rps
-
72% concluded in under 10 minutes
-
22% lasted over an hour, while 11% persisted for more than 24 hours
Similarly, 91% of network layer attacks ended within 10 minutes, with just 2% extending beyond an hour.
In Q4 2024, Indonesia emerged as the largest source of DDoS attacks, followed by Hong Kong and Singapore. Meanwhile, China was the most targeted country, followed by the Philippines and Taiwan.
The most attacked sectors included telecommunications, the internet industry, and marketing firms.
