Average DDoS attack costs $6,000 per minute
2023 saw a surge in the frequency and duration of DDoS attacks, and in the first half of 2024, it’s clear that surge has become the new normal, according to Zayo.
DDoS attack duration increases
DDoS attacks surged 106% from H2 2023 to H1 2024. The report also found that an average DDoS attack now lasts 45 minutes—an 18% increase from last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute.
While long-duration attacks can cripple an organization, short-burst attacks are equally dangerous, often utilized to assess the effectiveness of the target’s defenses. Moreover, the methods employed to execute DDoS attacks are also undergoing changes. Understanding these changes is crucial. Increasingly, attackers are employing multi-vector DDoS attacks, which involve combining various DDoS attack methods into a brief attack and then repeating the process shortly thereafter.
Once again, short burst attacks – those lasting less than 10 minutes – still represent the vast majority of attacks. Specifically, in the first half of 2024, almost 86% of all DDoS attacks lasted less than 10 minutes. This percentage is up from the second half of 2023. Then, 72% of all attacks lasted less than 10 minutes.
It takes very little time, expertise, or investment to run a DDoS attack, and with the AI boom, bot-based attacks have made it even easier to attack more often, in a more sustained manner, and with more requests per second. Beyond intensifying frequency and duration, AI is also driving the increased pervasiveness of DDoS attacks across many industries.
In fact, for the first time in this report’s history, HR and staffing, legal and consulting, and transportation firms surfaced as victims of the top 10% of the largest DDoS attacks seen.
“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year,” said Max Clauson, SVP of Network Connectivity at Zayo. “The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”
Hackers target business hours for maximum disruption
Telecommunications companies are still the most targeted industry, making up 57% of all attacks. Other familiar industries experiencing the most frequent attacks include education (19%), manufacturing (5%), and cloud/SaaS (5%).
Manufacturing has replaced retail as the industry facing the largest DDoS attacks, followed by healthcare (up 128.5% compared to H1 2023). Not only did this industry experience a 308% increase in attack duration from 2023 to 2024, these companies also suffered a 200% increase in DDoS attack size.
Government entities continued to be the victims of the longest-duration attacks, with an average attack time of over six hours. This is up 41% from H1 2023.
Similar to years past attackers chose to launch their attacks during the most disruptive times – during the business week and specifically during business hours. Even hackers from overseas synchronize their attacks to coincide
with the busiest periods of the target’s business day.
For nearly 30 years, DDoS attacks have been effective and the introduction of AI to deploy and elevate these attacks is only allowing them to evolve, growing more powerful, subversive, and frequent. Every business must understand that it is a target, regardless of industry or size.
The financial and reputational damage caused by DDoS attacks can be devastating, leading to significant revenue losses and long-term harm to brand trust. Additionally, the cost of mitigating attacks and restoring services is substantial, draining resources that could be better spent on growth and innovation. The only fighting chance businesses have is to implement a proper network protection strategy.