DDoS Attacks Continue to Escalate
DDoS attacks surged 56% in Q3-Q4 2024 compared to the same period in 2023, according to Gcore’s latest Radar report. The total number of attacks also increased by 17% compared to Q1-Q2 2024. Attackers are deploying more sophisticated methods, making detection and mitigation increasingly difficult.
The most severe attack recorded in Q3-Q4 2024 reached 2 Tbps, an 18% increase from Q1-Q2 2024. While such attacks remain rare, their impact can cripple digital infrastructure.
Financial Sector Becomes a Prime Target
The financial services industry saw the most significant increase in DDoS attacks. Attacks on this sector rose by 117%, making it the second-most targeted industry at 26% of all recorded attacks. Cybercriminals view financial institutions as prime targets due to their reliance on continuous service availability.
Gaming remained the most targeted industry, accounting for 34% of all attacks. However, attack volume declined by 31% from Q1-Q2 2024. This drop suggests that improved defenses and a shift in attacker focus toward financial services may be responsible.
The technology sector also experienced a rise in attacks, increasing from 7% in Q3-Q4 2023 to 19% in Q3-Q4 2024. The sector’s importance in supporting global digital infrastructure makes it an attractive target.
Geographical Trends Show New Attack Sources
The Netherlands emerged as a key source of DDoS attacks. It accounted for 21% of application-layer attacks (which target websites and online services by overwhelming their resources with excessive requests). It accounted for 18% of network-layer attacks (which flood internet infrastructure with massive amounts of malicious traffic to cause service disruptions).
Following closely, The U.S. and then Brazil which was another major source, contributing 14% of network-layer attacks. The report notes that the country’s expanding digital economy is likely fueling this rise. China and Indonesia also saw significant attack activity, with Indonesia’s application-layer attacks increasing to 8%.
Shorter, More Powerful Attacks Dominate
The trend toward shorter but more intense DDoS attacks continues. The longest recorded attack in Q3-Q4 2024 lasted just five hours, down from 16 hours in the previous period. Despite shorter durations, these attacks remain highly disruptive.
Many attackers use short, high-impact attacks to evade detection. These “burst attacks” mimic normal traffic spikes. That makes detection harder. Some short-lived attacks also act as diversions for secondary threats, such as ransomware deployment.
Attack Methods Evolve
Network-layer attacks remained dominant, accounting for 72% of all attacks. Among these, UDP floods made up 60%, while SYN floods and TCP floods accounted for 15% and 12%, respectively.
UDP Floods: A type of DDoS attack where attackers overwhelm a target with a massive number of User Datagram Protocol (UDP) packets, consuming bandwidth and server resources to disrupt services.
SYN Floods: A DDoS attack that exploits the TCP handshake process by sending a high volume of SYN (synchronize) requests to a server but never completing the connection, exhausting server resources and causing downtime.
TCP Floods: A broad DDoS attack method that sends a flood of malicious TCP packets to a target, consuming network and system resources to slow down or crash the service.
Application-layer attacks, though fewer, became more sophisticated. Attackers are increasingly using adaptive techniques to bypass security measures.
The continued rise in DDoS attacks highlights the need for stronger cybersecurity defenses. The shift in attack focus, particularly toward financial services and technology, signals evolving threats. As attackers refine their tactics, organizations must adopt advanced protection strategies to minimize risks.
