DDoS attack volume rises, peak power reaches 1.7 Tbps

The total number of DDoS attacks during H1 2024 amounted to 830,000, an increase of 46% when compared to H1 2023, according to Gcore. Peak attack power rose from 1.6 terabits per second (Tbps) in H2 2023 to 1.7 Tbps.

DDoS attacks hit Gaming, tech, finance sectors hard

UDP floods made up 61% of DDoS attacks, while TCP floods and SYN floods constituted 18% and 11% of the total respectively. The most-attacked business sectors were gaming (49%), technology (15%), financial services (12%) and telecommunications (10%).

The e-commerce (7%) and media and entertainment (5%) industries emerged from the ‘other’ category in H1 2024, indicating that they were being targeted more often than in the past.

The Q1–Q2 2024 report shows that the total number of attacks continued to rise. While the power of the attacks – first measured in Tbps in the second half of last year – increased slightly from 1.6 to 1.7 Tbps, this still poses a growing threat to organizations.

Attacks on the gaming industry in H1 2024 continued to dominate and rose by 3% over H2 2023. Gcore saw DDoS attacks being used by gamers and gaming groups as a tactic against opponents to derive competitive advantage in tournaments and matches.

However, the biggest change over the previous two quarters was in the number of attacks on the technology industry, which more than doubled to 15%. The sector has become increasingly attractive for bad actors seeking to disrupt businesses that host critical infrastructure.

In terms of the industries most impacted by network-layer attacks in H1 2024, gaming sat in first position at 47%, technology came in second with 31% of the attacks, and the telecommunications sector was third most-affected with 14%.

Financial services most targeted in application-layer attacks

Among the industries affected by application-layer attacks, financial services were highly targeted with 41% of all attacks, likely because of the sector’s low tolerance for disruption and downtime and the monetary gains available to attackers. E-commerce was the second most-affected sector with 28% of application-layer attacks, with media and entertainment third with 13% of the total application-layer attacks.

“We should not be fooled by the rise of only 0.1 terabit per second in the first half of this year, given that a mere 300 Gbps attack will take an unprotected server offline in seconds. The payload of any attack measured in terabits is immense and any rise in attack potency, no matter how small, can have serious repercussions at these levels,” said Andrey Slastenov, Head of Security at Gcore.

“As far as attack numbers are concerned, the rise is worrying, and industries must think about why they are being targeted so they can protect themselves. In gaming, some attacks are carried out between competitors. Others are designed to affect the monetization of the gaming industry, which is directly affected if a DDoS attack takes the gaming service offline. The same is true for technology companies whose services are seriously disrupted if servers, networks, and storage services are unavailable,” concluded Slastenov.

The vast majority of attacks lasted under ten minutes, while the maximum attack duration recorded during H1 2024 lasted for 16 hours. The potency of even the shortest attacks, however, was strong, which would often have led users to abandon the services they were trying to access with a significant impact on the brand reputation of the provider.

The variability in the duration and types of attacks illustrates the sophisticated tactics and customised methods that attackers are using to create the maximum possible disruption,” Andrey Slastenov commented. “What is clear from this report is that attacks are not slowing down, which means a robust response in the form of DDoS detection, mitigation and protection must be a top priority to avoid disruption, downtime, and revenue loss.”