Gcore Radar warns of a new era of DDoS attacks


As we enter 2024, Gcore has released its latest Gcore Radar report, a biennial publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to track attack trends over time. Read on to learn about DDoS attack trends for the third and fourth quarters of 2023, and what they mean for developing a robust protection strategy in 2024.

Gcore’s key findings

Trends in DDoS attacks for the second half of 2023 show alarming developments in the scope and sophistication of cyber threats.

Unprecedented offensive power

Over the past three years, peak DDoS attack volume (recorded maximum) has increased by more than 100% annually:

  • In 2021, the peak capacity of DDoS attacks was 300 Gbps
  • In 2022, this increased to 650 Gbps
  • In the first and second quarters of 2023, it rose again to 800 Gbps
  • In the third and fourth quarters of 2023, this increased to 1600 Gbps (1.6 Tbps)

Notably, the jump in the second half of 2023 means the cybersecurity industry is now measuring DDoS attacks in a new unit: terabits.

Figure: Maximum attack power in 2021–2023 in Gbps (300, 650 and 1600 Gbps respectively)

This illustrates a significant and continued escalation in the potential damage of DDoS attacks, a trend Gcore expects to continue into 2024.

Duration of the attack

Gcore saw attack lengths ranging from three minutes to nine hours, with an average of around an hour. Typically, short attacks are more difficult to detect because they do not provide enough data for proper traffic analysis. Because they are harder to recognize, they are also harder to mitigate. Longer attacks require more resources to combat and demand a strong mitigation response; otherwise there is a risk that the server will be unavailable for a long time.

Figure: Gcore’s longest recorded attack in the second half of 2023 lasted nine hours (shown in bits and packets)

Predominant attack types

UDP floods continue to dominate, making up 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular, accounting for 16% and 12% of the total respectively.

All other types of DDoS attacks, including SYN, SYN+ACK and RST floods, together accounted for just 10%. While some attackers use these more advanced approaches, the majority still focus on delivering sheer packet volume to take down servers.

Figure: Dominant attack types in the second half of 2023 (UDP flood 62%, TCP 16%, ICMP 12%, remaining 10%)

The variation in attack methods necessitates a versatile defense strategy that can protect against a range of DDoS techniques.

Global attack sources

The global spread of attack sources demonstrates the borderless nature of cyber threats, with attackers operating across national borders. Gcore identified several origins of attacks in the second half of 2023, with the US leading the way with 24%. Indonesia (17%), the Netherlands (12%), Thailand (10%), Colombia (8%), Russia (8%), Ukraine (5%), Mexico (3%), Germany (2%) and Brazil (2%) make up the rest of the top ten, illustrating a widespread global threat.

Figure: Geographic distribution of attack sources (top attack sources by country, with the US in first place at 24%)

The geographic distribution of DDoS attack sources provides important information for creating targeted defense strategies and for shaping international policymaking aimed at combating cybercrime. However, determining the attacker’s location is challenging due to the use of techniques such as IP spoofing and the involvement of distributed botnets. This makes it difficult to assess motivations and capabilities, which can range from state-sponsored actions to individual hackers.

Targeted industries

The most targeted sectors in the second half of 2023 highlight the impact of DDoS attacks in various sectors:

  • The gaming industry remains the hardest hit, experiencing 46% of attacks.
  • The financial sector, including banks and gambling services, came in second with 22%.
  • Telecommunications (18%), infrastructure-as-a-service (IaaS) providers (7%) and computer software companies (3%) were also significantly targeted.

Figure: DDoS attacks by affected industry in Q3–Q4 2023 (gaming the most affected at 46%)

Since the previous Gcore Radar report, attackers have not changed their focus: the gaming and financial sectors are of particular interest to attackers, likely due to their financial profits and user impact. This underlines the need for targeted cybersecurity strategies in the most affected sectors, for example countermeasures for specific gaming servers.

Analysis

The data from the second half of 2023 highlights a worrying trend in the DDoS attack landscape. The increase in attack power to 1.6 Tbps is particularly alarming and signals a new level of threat that organizations must prepare for. By comparison, even a “modest” 300 Gbps attack can take down an unprotected server. Combined with the geographic distribution of attack sources, it is clear that DDoS threats are a serious and global problem, necessitating international cooperation and intelligence sharing to effectively mitigate potentially devastating attacks.

The range in attack duration suggests that attackers are becoming more strategic and tailoring their approach to specific goals and objectives:

  • In the gaming sector, for example, attacks are relatively low in power and duration but occur more frequently, repeatedly disrupting a specific server with the aim of disrupting the player experience and forcing players to switch to a competitor’s server.
  • For the financial and telecom sectors, where the economic impact is more direct, attacks are often larger in volume and highly variable in length.

The ongoing attacks on the gaming, financial, telecommunications and IaaS industries reflect attackers’ strategic choice to select services whose disruption has a significant economic and operational impact.

Conclusion

The Gcore Radar report for Q3 and Q4 2023 serves as a timely reminder of the ever-evolving nature of cyber threats. Organizations from all sectors must invest in comprehensive and adaptive cybersecurity measures. Staying ahead of DDoS threats requires a deep understanding of cyber attackers’ changing patterns and strategies.

Gcore DDoS protection has a proven track record of fending off even the most powerful and persistent attacks. Connect Gcore DDoS protection to protect your business against whatever the 2024 DDoS landscape brings.


