Cloudflare, a prominent cybersecurity company, has recently released its research report detailing the latest trends in Distributed Denial-of-Service (DDoS) attacks observed in the fourth quarter of 2024. The report sheds light on the escalating threat posed by hyper-volumetric assaults and underscores the pressing need for organizations to bolster their security defenses in the face of evolving cyber threats.
One of the most alarming revelations in the Cloudflare DDoS Threat Report for Q4 2024 is the unprecedented scale of the attacks encountered throughout the year. The report discloses that Cloudflare successfully thwarted a massive 5.6 terabits per second (Tbps) DDoS attack orchestrated by a Mirai-variant botnet in the fourth quarter of 2024. This attack, launched by a network of 13,000 compromised Internet of Things (IoT) devices, targeted an East Asian Internet Service Provider (ISP) on October 29th. The sheer magnitude of this assault surpasses any previous DDoS attack mitigated by Cloudflare, further underscoring the growing complexity and severity of cyber threats in the digital landscape.
Prior to this record-breaking incident, Cloudflare had already encountered a significant 3.8 Tbps DDoS attack in October 2024, highlighting the escalating trend towards larger and more sophisticated attacks. Despite lasting only 80 seconds, the attack was swiftly neutralized by Cloudflare’s autonomous defense systems, demonstrating the company’s agility and proficiency in handling such high-intensity threats.
The Cloudflare report also draws attention to the alarming increase in hyper-volumetric attacks exceeding 1 Tbps. Throughout 2024, Cloudflare witnessed a staggering 53% rise in the frequency of DDoS attacks, blocking approximately 21.3 million attacks, averaging around 4,870 attacks per hour. Of particular concern is the 1,885% surge in attacks exceeding 1 Tbps quarter-over-quarter, as well as a 175% increase in attacks surpassing 100 million packets per second (pps). These hyper-scale attacks pose a significant challenge to traditional security mechanisms, underscoring the critical need for organizations to enhance their cybersecurity posture.
Moreover, the report highlights a concerning trend observed in the fourth quarter – a 78% increase in Ransom DDoS attacks. Cybercriminals are increasingly leveraging DDoS attacks as a means of extortion, targeting businesses during peak operational periods to maximize their impact and financial gain.
Cloudflare’s analysis also delves into the various types of DDoS attacks detected, including Layer 3/Layer 4 attacks such as SYN floods, DNS floods, and UDP floods, as well as HTTP DDoS attacks. The report notes the prevalence of known botnets in HTTP attacks and the emergence of new techniques, such as spoofing legitimate browsers and leveraging unusual HTTP attributes, to evade detection and amplify the impact of these assaults.
In terms of geographical distribution, Indonesia stood out as the leading source of DDoS attacks, with Hong Kong, Singapore, and China emerging as the most targeted countries. The report also identifies the Telecommunications, Service Providers, and Carriers sectors as the primary targets of DDoS attacks in Q4, underscoring the vulnerability of critical infrastructure to cyber threats.
Despite the majority of attacks remaining relatively small in scale, with the majority of HTTP DDoS attacks not exceeding 50,000 requests per second and network-layer attacks not surpassing 500 Mbps, the emergence of new attack vectors like Memcached and BitTorrent DDoS attacks pose a significant concern. Cloudflare’s report emphasizes the critical importance of proactive DDoS protection strategies and underscores the need for organizations to stay abreast of evolving threats and invest in robust security solutions to mitigate unprecedented scale and complexity attacks effectively.