DDoS attacks in the second half of 2023 showed a worrisome increase in scale and sophistication, as reported by Gcore. The maximum attack power surged from 800 Gbps in the first half of 2023 to a staggering 1.6 Tbps. UDP floods continued to be the most common type of DDoS attack, making up 62% of all attacks, while TCP floods and ICMP attacks followed at 16% and 12%, respectively. The remaining attack types, including SYN floods, SYN+ACK floods, and RST floods, collectively accounted for only 10% of the total attacks.
Gcore’s findings also revealed a global distribution of attack sources, highlighting the borderless nature of cyber threats. The United States led with 24% of the attack sources, followed by Indonesia (17%), the Netherlands (12%), Thailand (10%), Colombia (8%), Russia (8%), Ukraine (5%), Mexico (3%), Germany (2%), and Brazil (2%). This wide-ranging distribution underscores the need for targeted defense strategies and international policy-making to combat cybercrime effectively.
Determining the exact location of attackers remains a challenge due to techniques such as IP spoofing and the involvement of distributed botnets. This complexity makes it difficult to assess the motivations and capabilities of attackers, who can range from individual hackers to state-sponsored actors.
In terms of targeted industries, gaming suffered the most attacks at 46%, followed by financial services (including banks and gambling services) at 22%, and telecom at 18%. The longest attack duration in the latter half of 2023 lasted 9 hours, with the average attack lasting approximately an hour.
The escalation of DDoS attacks in the second half of 2023 has prompted the cybersecurity industry to measure attacks in terabits, reflecting the growing severity of the threat. Gcore emphasizes the need for international cooperation and intelligence sharing to effectively mitigate these potentially devastating attacks.
According to Gcore’s statistics, UDP floods continued to dominate in the latter half of 2023, while TCP floods and ICMP attacks rose to second and third place, respectively. The number of SYN flood attacks decreased from the first half of 2023, with SYN floods, SYN+ACK floods, and RST floods making up the remaining types of attacks in the latter half of the year.
Andrey Slastenov, Head of Security Department at Gcore, expressed concern over the exponential surge in attack power and the evolving tactics used by cyber attackers. He emphasized the importance of organizations adopting a multifaceted defense strategy to protect against a range of DDoS techniques, highlighting the potentially costly disruptions, reputational damage, loss of customer trust, and security breaches that could result from failing to address these evolving threats.
The increase in attack power to 1.6 Tbps signals a new level of threat that organizations must prepare for. Together with the global distribution of attack sources, it underscores the serious and global nature of DDoS threats, necessitating international cooperation to effectively mitigate these attacks. Gcore expects this trend to continue into 2024, highlighting the need for proactive measures to counter these sophisticated cyber threats.

