Entering 2024, Gcore has released the latest Gcore Radar report, a biannual report in which the company releases internal analysis tracking DDoS attacks. Gcore’s extensive, globally distributed network of cleaning centers allows them to track attack trends at any time. Read on to learn about DDoS attack trends in Q3-Q4 2023 and what they mean for developing a strong protection strategy in 2024.
Key findings from Gcore
DDoS attack trends in the second half of 2023 reveal alarming developments in the scale and sophistication of cyber threats.
Unprecedented attack power
Peak DDoS (largest registered) attack volume has increased >100% annually over the past three years:
- The peak capacity of DDoS attacks in 2021 is 300Gbps
- In 2022, increase to 650 Gbps
- Q1-Q2 2023 will increase to 800 Gbps again
- Surge to 1600 Gbps (1.6 Tbps) in Q3-Q4 2023
Notably, the jump to the second half of 2023 means the cybersecurity industry is measuring DDoS attacks in a new unit, the Terabit.
 |
| Maximum attack capability (Gbps) in 2021-2023 |
This shows that the potential damage of DDoS attacks is significantly and continuously escalating, which is a trend of Gcore Expected to continue in 2024.
attack duration
Gcore’s attacks range in length from three minutes to nine hours, with an average of about one hour. Generally, short attacks are more difficult to detect because they cannot be subjected to proper traffic analysis due to data scarcity, and because they are more difficult to identify, they are also more difficult to mitigate. Longer attacks require more resources to combat and require robust mitigation responses; otherwise, there is a risk of the server being unavailable for an extended period of time.
 |
| Gcore’s longest recorded attack lasted nine hours |
Main attack types
UDP floods continue to dominate, accounting for 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular, accounting for 16% and 12% of the total, respectively.
All other DDoS attack types, including SYN, SYN+ACK Flood, and RST Flood, combined accounted for only 10%. While some attackers may use these more sophisticated methods, most attackers still focus on delivering large numbers of packets to take down servers.
 |
| Main attack types in the second half of 2023 |
Changes in attack methods require multi-faceted defense strategies to defend against a range of DDoS technologies.
Global attack source
The global spread of attack sources demonstrates the borderless nature of cyber threats, allowing attackers to operate across national borders. Gcore discovered multiple attack sources in the second half of 2023, with the United States leading the way at 24%. Indonesia (17%), Netherlands (12%), Thailand (10%), Colombia (8%), Russia (8%), Ukraine (5%), Mexico (3%), Germany (2%) and Brazil ( 2%) ranks among the top ten, indicating that the world faces a wide range of threats.
 |
| Geographical attack source distribution |
The geographical distribution of DDoS attack sources provides important information for developing targeted defense strategies and developing international policies aimed at combating cybercrime. However, pinpointing the attacker’s location is challenging due to the use of techniques such as IP spoofing and the involvement of decentralized botnets. This makes it difficult to assess motivations and capabilities, which can vary from state-sponsored operations to individual hackers.
Target industry
The most attacked industries in the second half of 2023 highlight the impact of DDoS attacks on various industries:
- The gaming industry remains the most affected industry, suffering 46% of attacks.
- The financial sector, which includes banking and gambling services, ranks second with 22%.
- Telecommunications (18%), infrastructure as a service (IaaS) providers (7%) and computer software companies (3%) have also become key targets.
 |
| DDoS attacks on affected industries |
since Previous Gcore Radar reports, the attackers have not changed their focus: attackers are particularly interested in the gaming and financial sectors, possibly because of their economic benefits and user impact. This highlights the need for targeted cybersecurity strategies in the hardest-hit industries, such as countermeasures targeting specific gaming servers.
analyze
Data for the second half of 2023 highlights worrying trends in the DDoS attack landscape. The increase in attack capability to 1.6 Tbps is particularly alarming and signals a new level of threat that organizations must prepare for. In comparison, even a “humble” 300 Gbps attack can disable an unprotected server. Combined with the geographic distribution of attack sources, it is clear that the DDoS threat is a serious global problem that requires international cooperation and intelligence sharing to effectively mitigate potentially damaging attacks.
The range of attack durations suggests attackers have become more strategic, tailoring their methods to specific targets and objectives:
- In the field of gamingFor example, attacks that are relatively low in power and duration, but more frequent, can cause repeated damage to a specific server with the goal of disrupting the player experience and forcing them to switch to a competing server.
- For the financial and telecommunications industries, Where the economic impact is more direct, attacks tend to be larger in number and vary widely in length.
Ongoing attacks in the gaming, financial, telecommunications and IaaS industries reflect attackers’ strategic choices to select services where disruption would have a significant economic and operational impact.
in conclusion
Gcore Radar’s Q3-Q4 2023 report is a timely reminder of the changing nature of cyber threats. Organizations across sectors must invest in comprehensive and adaptable cybersecurity measures. Staying ahead of DDoS threats requires a keen understanding of cyber attackers’ ever-changing patterns and tactics.
Gcore DDoS protection Has a record of repelling the most powerful and sustained attacks. Connect to Gcore DDoS Protection Protect your business from any impact of DDoS situations in 2024.
