Cloudflare Report Highlights Increased DDoS Attacks in Q1

DDoS, short for Distributed Denial of Service, is a common type of cyber attack. Cloudflare has published its report on the types of DDoS attacks, their intensity, and their distribution by industry and region in Q1 of 2024.

Key Insights from Q1

Some key insights from the first quarter of 2024 include:

  • 4.5 million DDoS attacks happened during the first quarter — representing a 50% year-over-year (YoY) increase.
  • DNS-based DDoS attacks increased by 80% YoY.
  • DDoS attacks on Sweden surged by 466% after its acceptance to the NATO alliance, mirroring the pattern observed during Finland’s NATO accession in 2023.

Perspective and Breakdown of Previous Attacks

The 4.5 million DDoS attacks recorded in Q1 are equivalent to 32% of all DDoS attacks handled in 2023.

Breaking down the types, HTTP DDoS attacks surged by 93% year-over-year (YoY) and 51% quarter-over-quarter (QoQ). Overall, the combined total of HTTP and L3/4 attacks in Q1 2024 grew by 50% YoY and 18% QoQ.

Cloudflare's systems blocked 10.5 trillion HTTP DDoS attack requests and handled over 59 petabytes of network-layer DDoS traffic.

The most substantial attack came from a Mirai-variant botnet, peaking at 2 Tbps. This massive attack targeted an Asian hosting provider.

The Mirai botnet, known for significant disruptions such as the 2016 attack on a US DNS service, remains prevalent.

DNS Attacks Increase by 80% and Lead to an Advanced DNS Protection System

DNS-based DDoS attacks have become the most prominent type of attack, and their share continues to grow. In the first quarter of 2024, the share of DNS-based DDoS attacks increased by 80% YoY, growing to approximately 54%.

Most Common Attack Vectors

Among the attack vectors with the largest growth, researchers also identified Jenkins Flood.

The Jenkins Flood DDoS attack targets vulnerabilities in Jenkins automation servers, specifically exploiting UDP multicast/broadcast and DNS multicast services. In these attacks, perpetrators send small, carefully crafted requests to a Jenkins server’s publicly accessible UDP port. Jenkins addressed this issue (CVE-2020-2100) in 2020. Despite measures, four years later, attackers are still exploiting this vulnerability.

Different Industries are Attacked around the Globe

Earlier this year, a DDoS attack hit Luxembourg government websites, which led to an immediate response from the authorities.

In the first quarter of 2024, the top attacked industry by HTTP DDoS attacks in North America was Marketing and Advertising. In Africa and Europe, the Information Technology and Internet industry was the most attacked. In the Middle East, the most attacked industry was Computer Software, whereas in Asia it was Gaming and Gambling. In South America, it was the Banking, Financial Services and Insurance (BFSI) industry. In Oceania, it was the Telecommunications industry.

Globally, the Gaming and Gambling industry was the number one most targeted by HTTP DDoS attacks.

The Telecommunications industry, the Banking, Financial Services and Insurance (BFSI) industry, the Gaming and Gambling industry and the Computer Software industry accounted for the next three percent.

Top Attacked Industries by L3/4 DDoS Attack

On the HTTP front, Law Firms and Legal Services was the most attacked industry, as over 40% of their traffic was HTTP DDoS attack traffic. The Biotechnology industry came in second with a 20% share of HTTP DDoS attack traffic. In third place, Nonprofits had an HTTP DDoS attack share of 13%. In fourth, Aviation and Aerospace, followed by Transportation, Wholesale, Government Relations, Motion Pictures and Film, Public Policy, and Adult Entertainment to complete the top ten.

Determining the Source of the DDoS Attacks

In the first quarter of 2024, the United States was the largest source of HTTP DDoS attack traffic, as a fifth of all DDoS attack requests originated from US IP addresses. China came in second, followed by Germany, Indonesia, Brazil, Russia, Iran, Singapore, India, and Argentina.

The US was also the largest source of L3/4 attacks. Far behind came Germany at 6%, followed by Brazil, Singapore, Russia, South Korea, Hong Kong, United Kingdom, Netherlands, and Japan.

Locations That Were the Most Attacked

In the first quarter of 2024, the US was the location most attacked by HTTP DDoS attacks, with China next, followed by Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany.

On the network layer, China was the number one most attacked location.

Hong Kong came in second place, followed by Taiwan, the United States, and Brazil.

Closing Comments

With DDoS attacks still being prevalent across different continents and industries, it remains paramount for organisations to protect themselves from this specific type of attack.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.