Flooding a target with fake traffic can be a simple yet brutally effective way of knocking it out of action. But just how common are DDoS (Distributed Denial of Service) attacks - and how much damage do they actually cause?
To help you make sense of this key part of the cyber threat landscape, let’s delve deeper into DDoS statistics. We'll take a closer look at the prevalence of DDoS attacks, how the numbers have changed over time, who’s responsible, the motivations behind attacks, who’s affected, and the cost of cleanup and defense.
DDoS Attack Patterns Statistics
1. Cisco predicted that the number of DDoS attacks globally per year would double from 7.9 million in 2018 to 15.4 million in 2023. This is based on historic data on the number of attacks per year up to 2020 and projections for a further three years,
2. There has been a 807% increase in DDoS attacks in the nine years to 2022. Quarterly incidents rose from ~325,000 in Q1 2013 to ~2.9 million in Q1 2022.
3. Netscout analysis suggests there were ~13 million attacks in 2022; a new high benchmark for attack frequency.
4. In 2022, there was a 74% YoY increase in the number of DDoS attacks.
5. Initial projections suggest further increases in the DDoS incident rate for 2023. Lumen Technologies mitigated more than 8,600 DDoS attacks in Q1 - a 40% YoY increase, and the second busiest quarter in two years.
6. Q1 2023 saw a 47% surge in attacks compared to the same period in 2022.
7. Globally, organizations mitigated an average of 29.3 attacks per day during Q4 2022, four times more than the same period in 2021.
What Is a DDoS Attack?
A DDoS (distributed denial-of-service) attack is a method of disrupting the normal functioning of a target network or server by overwhelming it with large volumes of internet traffic.
DDoS attacks are conducted remotely by an attacker using networks of devices infected with malware. These individual attack nodes are referred to as bots, and clusters of connected bots are known as botnets.
During an attack, each bot submits requests to the target’s IP address, with the aim of overwhelming the target with requests, thereby leading to denial-of-service to legitimate traffic.
Who Are the DDoS Targets?
When it comes to Microsoft-based systems and services specifically, the United States seems to be the most frequently targeted region by some considerable margin. For IT infrastructure in general, the US still comes out on top, but the gap between the US and other regions is considerably narrower.
8. Based on DDoS attacks observed by Microsoft, the top country to have Microsoft services target for DDoS attacks was the United States (45.02%), with India following second (13.22%)
9. The United States was the largest target of general DDoS attacks in 2022 at 18.3%.
Top Industries Targeted
10. The finance and telecommunications industries account for a combined 60% of all DDoS targets.
11. Globally, finance was the most attacked industry sector in 2022, with 53% of overall attack activity, followed by technology (20%) and healthcare (11%).
|USA||Finance 32%||Healthcare 24%||Technology 17%|
|Europe||Finance 71%||Technology 16%||Government 4%|
|APAC||Technology 70%||Finance 9%||Government 8%|
Because reasons behind attacks are very often not made known, the prevalence of various motivations are difficult to measure.
12. Cloudflare estimates that 9-19% of DDoS attacks are financially motivated - i.e. those attacks that involve extortion.
13. Other motivations are thought to include
- Ideology (hacktivism)
- Political (cyber warfare and targeted sabotage)
- Obscuration - i.e. providing cover for other cyber attacks, and personal motivation (hackers launching attacks ‘because they can’)
Who Are Committing DDoS Attacks?
Over the last year or so, the research points to a growth in the volume of DDoS attacks by both extortionists and politically-motivated threat actors.
Extortionists / Organized Crime
14. In Q3 2022, DDoS involving ransom demands increased 67% year-on-year and 24% quarter-on-quarter.
15. In Q1 2023, 16% of Cloudflare customers reported a ransom DDoS attack. This represents a 60% YoY increase.
16. Finance is the sector most targeted with extortion DDoS attacks. The volume of DDoS targeting financial services last year was 121% higher than in 2021.
17. Ransomware gangs observed to be using DDoS cyber extortion campaigns recently include BlackCat, REvil, Suncrypt, and AvosLocker.
Hacktivists and politically motivated attackers
18. Top 10 claiming actors for hacktivist DDoS activity Feb-Apr 2023. This is based an analysis of conversations of threat actors intercepted by Radware over Telegram:
19. Top countries attacked by hacktavists Feb-Apr 2023, based on claimed DDoS attacks. Again, this is based on conversation interceptions across Telegram channels.
Thales analysis shows how the focus of politically-motivated attacks has shifted as the war in Ukraine has progressed.
20. At the start of the conflict (Q1 2022), 50.4% of attacks in Europe affected Ukraine in isolation. By Q3 2022, this had reduced to 28.6%.
21. In Q1 2022, these attacks were divided more or less equally between DDoS attacks, espionage, data leaks and theft, influence campaigns, intrusion, and ransomware.
22. As the war has progressed, DDoS has gradually emerged as the favored attack method. As at March 2023, DDoS make up 75% of all attacks against companies and governments.
23. In summer 2022, there were almost as many conflict-related incidents in EU countries as there were in Ukraine (85% versus 86%).
24. By Q1 2023, the largest share of incidents (80.9%) have been inside the EU.
25. Within the EEA in 2022, Poland recorded 114 Ukraine-related attacks, The Baltic states - Estonia, Latvia and Lithuania (157 attacks), Sweden, Norway, Denmark and Finland (95 attacks), Germany (58 attacks), UK (18 attacks), France (14 attacks), Italy (14 attacks) and Spain (4 attacks).
26. 61% of attacks were perpetrated by pro-Russian hacktivist groups.
Sources of DDoS Attack Nodes
27. A single DDoS attack may deploy attack nodes spread across the world.
28. The top countries hosting DDoS bots are as follows:
|Rest of the World||8,333,728|
29. In 2022, small DDoS attacks (below 1Gbps) lasted 4 minutes on average.
30. Attacks between 50 and 100 Gps lasted 8.67 hours on average.
31. The longest attacks (between 100 and 250 Gps) lasted 66 hours, or 2.75 days.
32. In 2022, 89% of attacks lasted less than one hour. Attacks spanning one to two minutes accounted for 26% of attacks seen during the year.
Impact of DDoS Attacks
DDoS attacks have a massive impact on businesses, as a single attack can affect multiple aspects of an organization’s operations.
33. Average cost-per incident of DDoS attacks is $52,000 for small-to-medium-sized businesses, and $444,000 for enterprises.
34. Most commonly-encountered operational impacts of DDoS attacks are significant increase in load times (52%), slight increase in load times (33%), transaction failures (29%), and complete disruption/non-availability of services (13%).
35. Most commonly-encountered consequences of DDoS attacks are software/hardware replacement, reduction in revenue, loss of consumer trust, customer data theft, financial theft, and oss of intellectual property.
36. The global DDoS protection and mitigation market was valued at $2.91 Billion in 2022 and is expected to reach USD $7.45 Billion by 2030.
Notable Recent DDoS Attacks
For an idea of the level of disruption this type of attack can cause, here are some of the most notorious DDoS events of the last year or so…
KillNet Healthcare Campaign
The pro-Russian hacking group KillNet started life as a DDoS-for-hire service in early 2022. Since then, it has developed into a fully-fledged threat actor. It tends to specialize in attacking targets within countries that are active in their support of Ukraine.
A Microsoft advisory in March confirms that Killnet’s main focus has been on the pharma and life science sectors, hospitals, insurance, and healthcare. In late January 2023, KillNet launched an orchestrated wave of more than 90 DDoS attacks against mostly US-based health systems, hospitals, and medical centers.
The impact of these particular attacks was said to be “minimal and temporary with no impact to care delivery services”. However, US authorities urged organizations within the health sector to review potential exposures and the adequacy of defenses in place, including web application firewalls and use of multi-content delivery network (CDN) solutions.
The Minecraft DDoS Attack that Broke Andorra’s Internet
Largest HTTP DDoS Attack on Record
On the weekend of the 2023 Super Bowl, Cloudflare responded to dozens of hyper-volumetric attacks targeting - among others - a gaming provider, crypto companies, hosting providers and cloud computing platforms.
The most significant attack exceeded 71 million requests-per-second (rps), making it the largest HTTP DDoS attack recorded, more than 54% higher than the previous record of 64 million rps observed in June 2022.
When the Ukraine invasion started - accompanied inevitably by a cyber war - threat actors were using a wide range of attack methods in pretty much equal measure. Fast forward to the start of 2023, however, and DDoS comprised three quarters of all cyber attacks.
This reveals an important truth about DDoS: that sometimes the oldest and simplest attack methods are the most effective.
What’s more, far from being ‘just a nuisance’, denial-of-service translates directly into lost revenue; hence the steady growth in extortion-related DDoS attacks in the last year or so. And launching such an attack doesn’t take a technical genius - especially when you can pay a botnet-for-hire to conduct a month-long attack for less than $1,000.
Absolutely, I can modify the statement as follows:
The significance of DDoS is clear: it remains a significant part of the cyber threat landscape, and DDoS statistics should be on your radar.