fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Q1 2024 DDoS Attack Trends – Cloudflare Report 

Cloudflare, Inc., the security, performance, and reliability company helping to build a better Internet, has announced its 2024 Q1 DDoS Attack report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network, which is one of the largest in the world.  

Key findings 

  • 2024 started with a bang. Cloudflare’s defense systems automatically mitigated 4.5 million DDoS attacks during the first quarter – representing a 50% year-over-year (YoY) increase. 
  • DNS-based DDoS attacks increased by 80% YoY and remain the most prominent attack vector. 
  • DDoS attacks on Sweden surged by 466% after its acceptance to the NATO alliance, mirroring the pattern observed during Finland’s NATO accession in 2023. 

Starting 2024 with a bang 

The first quarter of 2024 is just wrapped up, and, already, Cloudflare’s automated defenses have mitigated 4.5 million DDoS attacks – an amount equivalent to 32% of all the DDoS attacks the company mitigated in 2023. Breaking it down to attack types, HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ). Network-layer DDoS attacks, also known as L3/4 DDoS attacks, increased by 28% YoY and 5% QoQ. 

DNS attacks surge by 80% 

DNS-based DDoS attacks have become the most prominent attack vector and its share among all network-layer attacks continues to grow. In the first quarter of 2024, the share of DNS-based DDoS attacks increased by 80% YoY, growing to approximately 54%. 

Despite the surge in DNS attacks and due to the overall increase in all types of DDoS attacks, the share of each attack type, remarkably, remains the same as seen in our previous report for the final quarter of 2023. HTTP DDoS attacks remain at 37% of all DDoS attacks, DNS DDoS attacks at 33%, and the remaining 30% is left for all other types of L3/4 attacks, such as SYN Flood and UDP Floods

When analyzing the most common attack vectors, Cloudflare also checks for the attack vectors that experienced the largest growth but didn’t necessarily make it into the top ten list. Among the top growing attack vectors (emerging threats), Jenkins Flood experienced the largest growth of over 826% QoQ. Jenkins Flood is a DDoS attack that exploits vulnerabilities in the Jenkins automation server, specifically through UDP multicast/broadcast and DNS multicast services. 

Another attack vector that’s worth discussing is the HTTP/2 Continuation Flood. This attack vector is made possible by a vulnerability that was discovered and reported publicly by researcher Bartek Nowotarski on April 3, 2024. 

Top attacked industries 

In the first quarter of 2024, the top attacked industry by HTTP DDoS attacks in North America was Marketing and Advertising. In Africa and Europe, the Information Technology and Internet industry was the most attacked. In the Middle East, the most attacked industry was Computer Software. In Asia, the most attacked industry was Gaming and Gambling. In South America, it was the Banking, Financial Services and Insurance (BFSI) industry. Last but not least, in Oceania, was the Telecommunications industry. 

Globally, the Gaming and Gambling industry was the number one most targeted by HTTP DDoS attacks. Just over seven of every 100 DDoS requests that Cloudflare mitigated were aimed at the Gaming and Gambling industry. In second place, the Information Technology and Internet industry, and in third, Marketing and Advertising. 

Largest sources of DDoS attacks 

When analyzing the sources of HTTP DDoS attacks, Cloudflare looks at the source IP address to determine the origination location of those attacks. 

In Q1 2024, the United States was the largest source of HTTP DDoS attack traffic, as a fifth of all DDoS attack requests originated from US IP addresses. China came in second, followed by Germany, Indonesia, Brazil, Russia, Iran, Singapore, India, and Argentina. 

Most attacked locations 

When analyzing DDoS attacks against our customers, Cloudflare uses their billing country to determine the “attacked country (or region)”. In the first quarter of 2024, the US was the most attacked by HTTP DDoS attacks. Approximately one out of every 10 DDoS requests that Cloudflare mitigated targeted the US. In second, China, followed by Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany. 

Note: Dive into the full report here

Related posts

du and DSO Partner to Expand Dubai Digital Park Smart Services 

Editor

Cisco and Splunk Integrate Full-Stack Observability Experience

Editor

Freshworks Report: Massive Opportunity for IT Leaders Leveraging AI 

Editor

Leave a Comment