Top +35 DDoS Statistics (2024)

DDoS Statistics for 2023 How Large a Threat Are DDoS Attacks

Flooding a target with fake traffic can be a simple yet brutally effective way of knocking it out of action. But just how common are DDoS (Distributed Denial of Service) attacks - and how much damage do they actually cause? 

To help you make sense of this key part of the cyber threat landscape, let’s delve deeper into DDoS statistics. We'll take a closer look at the prevalence of DDoS attacks, how the numbers have changed over time, who’s responsible, the motivations behind attacks, who’s affected, and the cost of cleanup and defense. 

DDoS Attack Patterns Statistics

1. Cisco predicted that the number of DDoS attacks globally per year would double from 7.9 million in 2018 to 15.4 million in 2023. This is based on historic data on the number of attacks per year up to 2020 and projections for a further three years, 

DDoS Attack Patterns

2. There has been a 807% increase in DDoS attacks in the nine years to 2022. Quarterly incidents rose from ~325,000 in Q1 2013 to ~2.9 million in Q1 2022. 

3. Netscout analysis suggests there were ~13 million attacks in 2022; a new high benchmark for attack frequency. 

4. In 2022, there was a 74% YoY increase in the number of DDoS attacks.  

5. Initial projections suggest further increases in the DDoS incident rate for 2023. Lumen Technologies mitigated more than 8,600 DDoS attacks in Q1 - a 40% YoY increase, and the second busiest quarter in two years. 

6. Q1 2023 saw a 47% surge in attacks compared to the same period in 2022.  

7. Globally, organizations mitigated an average of 29.3 attacks per day during Q4 2022, four times more than the same period in 2021. 

What Is a DDoS Attack?

A DDoS (distributed denial-of-service) attack is a method of disrupting the normal functioning of a target network or server by overwhelming it with large volumes of internet traffic. 

DDoS attacks are conducted remotely by an attacker using networks of devices infected with malware. These individual attack nodes are referred to as bots, and clusters of connected bots are known as botnets.

During an attack, each bot submits requests to the target’s IP address, with the aim of overwhelming the target with requests, thereby leading to denial-of-service to legitimate traffic.

Who Are the DDoS Targets? 

When it comes to Microsoft-based systems and services specifically, the United States seems to be the most frequently targeted region by some considerable margin. For IT infrastructure in general, the US still comes out on top, but the gap between the US and other regions is considerably narrower.   

Countries/Regions Targeted

8. Based on DDoS attacks observed by Microsoft, the top country to have Microsoft services target for DDoS attacks was the United States (45.02%), with India following second (13.22%)

Top 5 Regions for Microsoft Services Targeted DDoS Attacks 2022
United States45.02%
India13.22%
East Asia11.25%
Europe10.49%
Korea4.22%
Breakdown of Number of Attacks by Region

9. The United States was the largest target of general DDoS attacks in 2022 at 18.3%.

Top 10 Countries for IT Infrastructure Targeted DDoS Attacks 2022
United States18.3%
China10.7%
India9.2%
Russia8.4%
United Kingdom7.2%
Germany6.8%
France5.3%
Japan4.7%
Ukraine4.5%
Brazil4.2%
DDoS Attack by Country

Top Industries Targeted 

10. The finance and telecommunications industries account for a combined 60% of all DDoS targets.

Top Industries Targeted for DDoS Attacks
Finance34%
Telecommunications26%
Retail17%
Entertainment12%
Insurance6%
Education2%
Logistics2%
Others1%
Top Industries Targeted

11. Globally, finance was the most attacked industry sector in 2022, with 53% of overall attack activity, followed by technology (20%) and healthcare (11%). 

Most Attacked Sections by Region 2022
1st2nd3rd
USAFinance 32%Healthcare 24%Technology 17%
EuropeFinance 71%Technology 16%Government 4%
APACTechnology 70%Finance 9%Government 8%

Motivations 

Because reasons behind attacks are very often not made known, the prevalence of various motivations are difficult to measure.  

12. Cloudflare estimates that 9-19% of DDoS attacks are financially motivated - i.e. those attacks that involve extortion. 

13. Other motivations are thought to include

  • Ideology (hacktivism) 
  • Political (cyber warfare and targeted sabotage) 
  • Obscuration - i.e. providing cover for other cyber attacks, and personal motivation (hackers launching attacks ‘because they can’) 

Who Are Committing DDoS Attacks?

Over the last year or so, the research points to a growth in the volume of DDoS attacks by both extortionists and politically-motivated threat actors.   

Threat Actors 

Extortionists / Organized Crime

14. In Q3 2022, DDoS involving ransom demands increased 67% year-on-year and 24% quarter-on-quarter. 

15. In Q1 2023, 16% of Cloudflare customers reported a ransom DDoS attack. This represents a 60% YoY increase. 

Ransom DDoS Attacks & Threats by Month

16. Finance is the sector most targeted with extortion DDoS attacks. The volume of DDoS targeting financial services last year was 121% higher than in 2021. 

17. Ransomware gangs observed to be using DDoS cyber extortion campaigns recently include BlackCat, REvil, Suncrypt, and AvosLocker.  

Hacktivists and politically motivated attackers 

18. Top 10 claiming actors for hacktivist DDoS activity Feb-Apr 2023. This is based an analysis of conversations of threat actors intercepted by Radware over Telegram: 

Top DDoS Groups 2023
Noname05716 29.4%
AnonymousSudan 18.2%
MysteriousTeam0 13%
Others 11.2%
Teaminsanepk 8.97%
PassionBotnet 6.49%
Anon_by 4.05%
CyberArmyofRussia_Reborn 3.08%
User_sec 2.7%
AnonCyberViewtNam 1.62%
ChaosSec 1.24%
Top Claiming Actors

19. Top countries attacked by hacktavists Feb-Apr 2023, based on claimed DDoS attacks. Again, this is based on conversation interceptions across Telegram channels. 

Top Attacked Countries

Thales analysis shows how the focus of politically-motivated attacks has shifted as the war in Ukraine has progressed. 

20. At the start of the conflict (Q1 2022), 50.4% of attacks in Europe affected Ukraine in isolation. By Q3 2022, this had reduced to 28.6%.

21. In Q1 2022, these attacks were divided more or less equally between DDoS attacks, espionage, data leaks and theft, influence campaigns, intrusion, and ransomware

22. As the war has progressed, DDoS has gradually emerged as the favored attack method. As at March 2023, DDoS make up 75% of all attacks against companies and governments.   

23. In summer 2022, there were almost as many conflict-related incidents in EU countries as there were in Ukraine (85% versus 86%). 

24. By Q1 2023, the largest share of incidents (80.9%) have been inside the EU. 

25. Within the EEA in 2022, Poland recorded 114 Ukraine-related attacks, The Baltic states - Estonia, Latvia and Lithuania (157 attacks), Sweden, Norway, Denmark and Finland (95 attacks), Germany (58 attacks), UK (18 attacks), France (14 attacks), Italy (14 attacks) and Spain (4 attacks). 

26. 61% of attacks were perpetrated by pro-Russian hacktivist groups.

Sources of DDoS Attack Nodes 

27. A single DDoS attack may deploy attack nodes spread across the world. 

28. The top countries hosting DDoS bots are as follows: 

Top Countries Hosting DDoS Bots
China2,105,044
United States1,846,075
South Korea1,328,823
Italy974,011
Russia809,978
Rest of the World8,333,728

Attack duration 

29. In 2022, small DDoS attacks (below 1Gbps) lasted 4 minutes on average. 

30. Attacks between 50 and 100 Gps lasted 8.67 hours on average. 

31. The longest attacks (between 100 and 250 Gps) lasted 66 hours, or 2.75 days. 

32. In 2022, 89% of attacks lasted less than one hour. Attacks spanning one to two minutes accounted for 26% of attacks seen during the year. 

Attack duration
Source: Microsoft 2022 in review: DDoS attack trends and insights

Impact of DDoS Attacks

DDoS attacks have a massive impact on businesses, as a single attack can affect multiple aspects of an organization’s operations.

33. Average cost-per incident of DDoS attacks is $52,000 for small-to-medium-sized businesses, and $444,000 for enterprises.

34. Most commonly-encountered operational impacts of DDoS attacks are significant increase in load times (52%), slight increase in load times (33%), transaction failures (29%), and complete disruption/non-availability of services (13%).

35. Most commonly-encountered consequences of DDoS attacks are software/hardware replacement, reduction in revenue, loss of consumer trust, customer data theft, financial theft, and oss of intellectual property.

36. The global DDoS protection and mitigation market was valued at $2.91 Billion in 2022 and is expected to reach USD $7.45 Billion by 2030.

Notable Recent DDoS Attacks 

For an idea of the level of disruption this type of attack can cause, here are some of the most notorious DDoS events of the last year or so…  

KillNet Healthcare Campaign 

The pro-Russian hacking group KillNet started life as a DDoS-for-hire service in early 2022. Since then, it has developed into a fully-fledged threat actor. It tends to specialize in attacking targets within countries that are active in their support of Ukraine. 

A Microsoft advisory in March confirms that Killnet’s main focus has been on the pharma and life science sectors, hospitals, insurance, and healthcare. In late January 2023, KillNet launched an orchestrated wave of more than 90 DDoS attacks against mostly US-based health systems, hospitals, and medical centers. 

The impact of these particular attacks was said to be “minimal and temporary with no impact to care delivery services”. However, US authorities urged organizations within the health sector to review potential exposures and the adequacy of defenses in place, including web application firewalls and use of multi-content delivery network (CDN) solutions. 

The Minecraft DDoS Attack that Broke Andorra’s Internet 

Largest HTTP DDoS Attack on Record 

On the weekend of the 2023 Super Bowl, Cloudflare responded to dozens of hyper-volumetric attacks targeting - among others - a gaming provider, crypto companies, hosting providers and cloud computing platforms. 

The most significant attack exceeded 71 million requests-per-second (rps), making it the largest HTTP DDoS attack recorded, more than 54% higher than the previous record of 64 million rps observed in June 2022. 

Conclusion 

When the Ukraine invasion started - accompanied inevitably by a cyber war - threat actors were using a wide range of attack methods in pretty much equal measure. Fast forward to the start of 2023, however, and DDoS comprised three quarters of all cyber attacks. 

This reveals an important truth about DDoS: that sometimes the oldest and simplest attack methods are the most effective.

What’s more, far from being ‘just a nuisance’, denial-of-service translates directly into lost revenue; hence the steady growth in extortion-related DDoS attacks in the last year or so. And launching such an attack doesn’t take a technical genius - especially when you can pay a botnet-for-hire to conduct a month-long attack for less than $1,000.

Absolutely, I can modify the statement as follows:

The significance of DDoS is clear: it remains a significant part of the cyber threat landscape, and DDoS statistics should be on your radar.

FAQs

Sources

1. A10 Networks: 2022 DDoS Threat Report 

2. BlackBerry: Russian Hacktivist Group KillNet Hits U.S. Hospitals with DDoS Attacks

3. Cisco Annual Internet Report (2018–2023) White Paper

4. Cision PR Newswire: Lumen research reveals a rise in sophisticated, complex DDoS attacks in Q1 2023

5. Cloudflare: Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack

6. Cloudflare: DDoS Threat Landscape Report: DDoS Trands from Q3 2022

7. Cloudflare: DDoS threat report 2022 Q3

8. Cloudflare: DDoS threat report for 2023 Q1

9. InformationWeek: DDoS Attacks Taking Cyber Extortion to The Next Level?

10. Imperva: Why Attackers Target the Financial Services Industry

11. Imperva: What DDoS Attacks Really Cost Your Business

12. Kaspersky: Global IT Security Risks Survey 2014 - Distributed Denial of Service (DDoS) Attacks

13. Microsoft: 2022 in review: DDoS attack trends and insights

14. Microsoft: KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks

15. Netscout: Unveiling the New Threat Landscape

16. Radware: 2022 Global Threat Analysis Report

17. Radware Full Year 2022 Report: Malicious DDoS Attacks Rise 150%

18. Radware: Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists

19. SC Media: Hospitals urged to tighten DDoS defenses after health data found on Killnet list

20. SecurityBrief: DDoS attacks not only more frequent but more powerful - report

21. StormWall: 2022: DDoS Year-in-Review Report by StormWall

22. StormWall: Q1 2023 in Review: DDoS Attacks Report by StormWall

23. TechRepublic: 2022 Dark Web prices for cybercriminals services

24. Thales Group From Ukraine to the whole of Europe:cyber conflict reaches turning point

25. VMR: DDoS Protection And Mitigation Market Size And Forecast

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.

  • Zimbola says:

    Great post!

  • >