Based on a cross-sectional view of 20% of all web traffic filtered by one cloud platform, Q3 data registered double-digit spikes in DDoS attacks
Based on its own data as a reverse proxy for about 20% of websites around the world, a global cloud platform has released its analysis of Distributed Denial-of-Service (DDoS) attack trends for Q3 2024.
First, the network traffic data for that period showed a 49% quarter-over-quarter spike in DDoS attacks, and a 55% year-over-year increase.
Second, over 200 hyper-volumetric DDoS attacks exceeded rates of 3Tbps and 2Bpps. The largest attack peaked at 4.2Tbps and lasted for one minute on 21 October.
Third, in the same data, China was the most targeted location for DDoS attacks, followed by the United Arab Emirates and Hong Kong. Indonesia was the largest source of DDoS attacks. Also:
- Ranked by industry, Banking & Financial Services was the most attacked sector, followed by Information Technology and Services, and the Telecommunications, Service Providers and Carriers sector.
- Ranked by attack type, HTTP application-layer attacks (a 61% increase quarter-over-quarter and a 68% increase YoY) accounted for half of the incidents, with network-layer attacks (increases of 51% and 45% quarterly/YoY) making up the other half.
- 90% of the DDoS attacks in the data analyzed, including the largest attacks, were very short-lived. There was a 7% increase in attacks lasting more than an hour; these longer attacks accounted for 3% of all attacks in the Q3 data.
- Ranked by attack vector, network-layer DDoS attacks were dominated by SYN floods, followed by DNS floods, UDP floods, SSDP reflection, and ICMP reflection. HTTP DDoS attacks were dominated by traffic from known botnets (72%), followed by attacks with suspicious or unusual attributes (13%), attacks from fake browsers/browser impersonators (9%), and attacks targeting login endpoints and cache busting (6%).
- 80% of HTTP DDoS attack traffic impersonated the Chrome browser, which was the most common user agent in attacks in Q3 2024. More specifically, Chrome 118, 119, 120, and 121 were the most common versions.
The Q3 data analysis by Cloudflare led to the conclusions that “too many organizations reactively deploy DDoS protections after an attack has already caused significant damage” and that organizations with well-prepared, comprehensive security strategies are usually far more resilient against such cyber threats.