SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Cloudflare Q2 report highlights surge in global DDoS attacks

Mon, 15th Jul 2024

Cloudflare has released its Q2 2024 DDoS Threat Report, revealing significant increases in Distributed Denial of Service (DDoS) attacks.

According to the report, Cloudflare's systems detected and mitigated a total of 4 million DDoS attacks, representing a 20% increase compared to the same period in 2023.

The report highlights several key trends in DDoS attacks, including regional and industry-specific targets. Notably, the Commonwealth of the Northern Mariana Islands (CNMI) emerged as the most attacked region, largely due to the high-profile trial of Julian Assange hosted there. Over 78% of CNMI-bound traffic was identified and mitigated as HTTP DDoS attack traffic. Paraguay also saw a 200% increase in network-layer DDoS attack traffic leading up to the 54th General Assembly of the Organization of American States (OAS).

Cloudflare's automated defenses have become more sophisticated, generating ten times more fingerprints to counter increasingly complex DDoS attacks. The report noted, "Threat actor capabilities reached an all time high as our automated defenses generated 10 times more fingerprints to counter and mitigate the ultra-sophisticated DDoS attacks."

In the first half of 2024 alone, Cloudflare mitigated 8.5 million DDoS attacks, nearly 60% of the total number of attacks mitigated in the entire year of 2023. The company successfully mitigated 57 petabytes of network-layer DDoS attack traffic. For context, that volume could hold Netflix's entire catalog at least 162 times.

The report breaks down the types of attacks, recording 2.2 million network-layer DDoS attacks and 1.8 million HTTP DDoS attacks. The 1.8 million HTTP figure is a normalized total: the actual number of fingerprints generated to handle these randomized attacks was closer to 19 million, a figure ten times larger.

China tops the list of the most attacked countries, followed by Turkey, Singapore, Hong Kong, Russia, Brazil, and Thailand. "This ranking takes into consideration HTTP DDoS attacks, network-layer DDoS attacks, the total volume and the percentage of DDoS attack traffic out of the total traffic," the report mentioned.

Information Technology & Services led as the most targeted industry in Q2 2024. Other sectors like Food & Beverages and Telecommunications also experienced substantial attacks.

Libya emerged as the largest source of DDoS attacks during the quarter, followed by Indonesia and the Netherlands. DNS-based attacks, including DNS floods and DNS amplification attacks, were the most common network-layer DDoS attack vectors, despite a 49% decrease quarter-over-quarter. SYN floods and RST floods constituted the second and third most common network-layer DDoS attack vectors, respectively.

Half of HTTP DDoS attacks were mitigated through proprietary heuristics that specifically targeted well-known botnets. Nearly 29% involved fake user agents, impersonated browsers, or headless browsers, while another 13% had suspicious HTTP attributes that triggered Cloudflare's automated systems.

The distribution of DDoS attacks by duration highlighted that over 57% of HTTP DDoS attacks and 88% of network-layer DDoS attacks ended within 10 minutes, underscoring the necessity for automated, in-line detection and mitigation systems. A quarter of HTTP DDoS attacks persisted for more than an hour, and almost a fifth lasted over a day. Longer network-layer DDoS attacks were significantly rarer, with only 1% extending beyond three hours.

While most DDoS attacks remain small in scale, the frequency of larger volumetric attacks has increased. One out of every 100 network-layer DDoS attacks reached more than 1 million packets per second (pps), and two out of every 100 exceeded 500 gigabits per second. On the application layer, four out of every 1,000 HTTP DDoS attacks surpassed 1 million requests per second.

The increasing sophistication of threat actors, potentially driven by advancements in generative AI and developer copilots, is creating more complex and potent attack methods. The report revealed that many organizations continue to struggle to defend against these evolving threats.
