Gcore Radar warns of a new era of DDoS attacks

January 23, 2024News about hackersCyber ​​Security/Server Security

DDoS attack

Moving into 2024, Gcore has released its latest Gcore Radar report, a semi-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s large network of scrubbing centers, distributed internationally, allows them to follow attack trends over time. Read on to learn the DDoS attack trends for Q3 and Q4 2023 and what they mean for developing a robust protection strategy in 2024.

Gcore key findings

DDoS attack trends for the second half of 2023 reveal alarming developments in the scope and sophistication of cyber threats.

Unprecedented attack power

The last three years have resulted in a greater than 100% annual increase in peak (highest recorded) DDoS attack volume:

  • In 2021, the peak capacity of DDoS attacks was 300 Gbps
  • In 2022 it increased to 650 Gbps
  • In the first-second quarter of 2023 it increased again to 800 Gbps
  • In the third-fourth quarter of 2023 it rose to 1600 Gbps (1.6 Tbps)

Notably, the jump into the second half of 2023 means the cybersecurity industry is measuring DDoS attacks in a new unit, Terabits.

The graph reflects the increase in maximum peak attack volumes in 2021-2023 with 300, 650 and 1600 Gbps respectively
Maximum attack power in 2021-2023 in Gbps

This illustrates a significant and ongoing escalation in the damage potential of DDoS attacks, a Gcore trend plans to continue in 2024.

Duration of the attack

Gcore saw attacks last from three minutes to nine hours, with the average being around an hour. Typically, short attacks are harder to detect as they do not allow proper traffic analysis due to data scarcity, and because they are harder to recognize, they are also harder to mitigate. Longer attacks require more resources to combat, requiring a powerful mitigation response; otherwise, the risk is prolonged unavailability of the server.

A graph showing the longest attack observed by Gcore in the second half of 2023, shown in bits and packets.
Gcore’s longest recorded attack lasted nine hours

Predominant attack types

UDP floods continue to dominate, making up 62% of DDoS attacks. TCP Floods and ICMP attacks also remain popular, accounting for 16% and 12% of the total, respectively.

All other types of DDoS attacks, including SYN, SYN+ACK Flood, and RST Flood, together accounted for only 10%. While some attackers may use these more sophisticated approaches, most are still focused on delivering large volumes of packets to crash servers.

Pie chart showing types of DDoS attacks with 62% UDP attacks, 16% TCP, 12% ICMP and another 10%
Dominant attack types in the second half of 2023

The variety of attack methods requires a complex defense strategy capable of protecting against a variety of DDoS techniques.

Global attack sources

This global spread of attack sources demonstrates the borderless nature of cyber threats, where attackers operate across national borders. Gcore identified several attack sources in the second half of 2023, with the United States leading with 24%. Indonesia (17%), Netherlands (12%), Thailand (10%), Colombia (8%), Russia (8%), Ukraine (5%), Mexico (3%), Germany (2%) and The Brazil (2%) is in the top ten, highlighting a widespread global threat.

Top sources of attack by country, with the United States in first place with 24%
Geographic spread of the attack source

The geographic distribution of DDoS attack sources provides important information for creating targeted defense strategies and shaping international policies aimed at combating cybercrime. However, determining the location of the attacker is difficult due to the use of techniques such as IP spoofing and the involvement of distributed botnets. This makes it difficult to assess motivations and capabilities, which can range from state-sponsored actions to individual hackers.

Target industries

The most targeted sectors in the second half of 2023 highlight the impact of DDoS attacks in different sectors:

  • The gaming sector remains the hardest hit, suffering 46% of attacks.
  • The financial sector, including banks and gambling services, came second with 22%.
  • Telecommunications (18%), infrastructure as a service (IaaS) (7%) and computer software companies (3%) were also significantly targeted.
Pie chart of industries targeted by DDoS attacks in Q3-Q4 2023, with gaming hardest hit at 46%.
DDoS attacks by the affected industry

From the previous Gcore Radar report, attackers have not changed their focus: the gaming and financial sectors are particularly interesting for attackers, probably due to their financial gains and impact on users. This highlights the need for targeted cybersecurity strategies in the most affected sectors, such as countermeasures for specific game servers.

Analyses

Data from the second half of 2023 highlights a worrying trend in the DDoS attack landscape. The increase in attack power to 1.6 Tbps is particularly alarming, signaling a new level of threat for which organizations must prepare. For comparison, even a “humble” 300 Gbps attack is capable of disabling an unprotected server. Considering the geographic distribution of attack sources, it is clear that DDoS threats represent a serious and global problem, requiring international cooperation and intelligence sharing to effectively mitigate potentially devastating attacks.

The range of attack durations suggests that attackers are becoming more strategic, tailoring their approaches to specific targets and objectives:

  • In the gaming industryfor example, strikes are relatively low in power and duration but more frequent, causing repeated disruptions to a specific server with the aim of disrupting the player’s experience to force them to switch to a competitor’s server.
  • For the financial and telecommunications sectors, where the economic impact is more immediate, attacks often have a greater volume and highly variable duration.

The continued targeting of the gaming, financial, telecommunications and IaaS sectors reflects attackers’ strategic choice to choose services whose disruption has a significant economic and operational impact.

Conclusion

The Gcore Radar report for Q3 and Q4 2023 serves as a timely reminder of the ever-evolving nature of cyber threats. Organizations across all industries must invest in comprehensive and adaptive cybersecurity measures. Staying ahead of DDoS threats requires a thorough understanding of the evolving patterns and strategies of cyber attackers.

Gcore DDoS protection has a proven track record of repelling even the most powerful and sustained attacks. Connect Gcore DDoS protection to protect your business from whatever the DDoS landscape of 2024 brings.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read the most exclusive content we publish.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *