Moving into 2024, Gcore has released its latest Gcore Radar report, a semi-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s large network of scrubbing centers, distributed internationally, allows them to follow attack trends over time. Read on to learn the DDoS attack trends for Q3 and Q4 2023 and what they mean for developing a robust protection strategy in 2024.
Gcore key findings
DDoS attack trends for the second half of 2023 reveal alarming developments in the scope and sophistication of cyber threats.
Unprecedented attack power
The last three years have resulted in a greater than 100% annual increase in peak (highest recorded) DDoS attack volume:
- In 2021, the peak capacity of DDoS attacks was 300 Gbps
- In 2022 it increased to 650 Gbps
- In the first-second quarter of 2023 it increased again to 800 Gbps
- In the third-fourth quarter of 2023 it rose to 1600 Gbps (1.6 Tbps)
Notably, the jump into the second half of 2023 means the cybersecurity industry is measuring DDoS attacks in a new unit, Terabits.
 |
| Maximum attack power in 2021-2023 in Gbps |
This illustrates a significant and ongoing escalation in the damage potential of DDoS attacks, a Gcore trend plans to continue in 2024.
Duration of the attack
Gcore saw attacks last from three minutes to nine hours, with the average being around an hour. Typically, short attacks are harder to detect as they do not allow proper traffic analysis due to data scarcity, and because they are harder to recognize, they are also harder to mitigate. Longer attacks require more resources to combat, requiring a powerful mitigation response; otherwise, the risk is prolonged unavailability of the server.
 |
| Gcore’s longest recorded attack lasted nine hours |
Predominant attack types
UDP floods continue to dominate, making up 62% of DDoS attacks. TCP Floods and ICMP attacks also remain popular, accounting for 16% and 12% of the total, respectively.
All other types of DDoS attacks, including SYN, SYN+ACK Flood, and RST Flood, together accounted for only 10%. While some attackers may use these more sophisticated approaches, most are still focused on delivering large volumes of packets to crash servers.
 |
| Dominant attack types in the second half of 2023 |
The variety of attack methods requires a complex defense strategy capable of protecting against a variety of DDoS techniques.
Global attack sources
This global spread of attack sources demonstrates the borderless nature of cyber threats, where attackers operate across national borders. Gcore identified several attack sources in the second half of 2023, with the United States leading with 24%. Indonesia (17%), Netherlands (12%), Thailand (10%), Colombia (8%), Russia (8%), Ukraine (5%), Mexico (3%), Germany (2%) and The Brazil (2%) is in the top ten, highlighting a widespread global threat.
 |
| Geographic spread of the attack source |
The geographic distribution of DDoS attack sources provides important information for creating targeted defense strategies and shaping international policies aimed at combating cybercrime. However, determining the location of the attacker is difficult due to the use of techniques such as IP spoofing and the involvement of distributed botnets. This makes it difficult to assess motivations and capabilities, which can range from state-sponsored actions to individual hackers.
Target industries
The most targeted sectors in the second half of 2023 highlight the impact of DDoS attacks in different sectors:
- The gaming sector remains the hardest hit, suffering 46% of attacks.
- The financial sector, including banks and gambling services, came second with 22%.
- Telecommunications (18%), infrastructure as a service (IaaS) (7%) and computer software companies (3%) were also significantly targeted.
 |
| DDoS attacks by the affected industry |
From the previous Gcore Radar report, attackers have not changed their focus: the gaming and financial sectors are particularly interesting for attackers, probably due to their financial gains and impact on users. This highlights the need for targeted cybersecurity strategies in the most affected sectors, such as countermeasures for specific game servers.
Analyses
Data from the second half of 2023 highlights a worrying trend in the DDoS attack landscape. The increase in attack power to 1.6 Tbps is particularly alarming, signaling a new level of threat for which organizations must prepare. For comparison, even a “humble” 300 Gbps attack is capable of disabling an unprotected server. Considering the geographic distribution of attack sources, it is clear that DDoS threats represent a serious and global problem, requiring international cooperation and intelligence sharing to effectively mitigate potentially devastating attacks.
The range of attack durations suggests that attackers are becoming more strategic, tailoring their approaches to specific targets and objectives:
- In the gaming industryfor example, strikes are relatively low in power and duration but more frequent, causing repeated disruptions to a specific server with the aim of disrupting the player’s experience to force them to switch to a competitor’s server.
- For the financial and telecommunications sectors, where the economic impact is more immediate, attacks often have a greater volume and highly variable duration.
The continued targeting of the gaming, financial, telecommunications and IaaS sectors reflects attackers’ strategic choice to choose services whose disruption has a significant economic and operational impact.
Conclusion
The Gcore Radar report for Q3 and Q4 2023 serves as a timely reminder of the ever-evolving nature of cyber threats. Organizations across all industries must invest in comprehensive and adaptive cybersecurity measures. Staying ahead of DDoS threats requires a thorough understanding of the evolving patterns and strategies of cyber attackers.
Gcore DDoS protection has a proven track record of repelling even the most powerful and sustained attacks. Connect Gcore DDoS protection to protect your business from whatever the DDoS landscape of 2024 brings.