Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS mitigation as attacks become more precise and frequent. Let’s dive into the numbers.
Key takeaways: the future of DDoS defense
Here are the four key takeaways from Gcore Radar:
- DDoS attacks are increasing in volume and sophistication. The 17% growth in total attacks and new peak volume of 2 Tbps highlight the need for advanced protection.
- Financial services face growing risks. With a 117% increase in attacks, this sector requires heightened security measures.
- Shorter, high-intensity attacks are now the norm. Traditional mitigation approaches must adapt to rapid burst attacks that can evade detection.
- Geopolitical factors influence attack patterns. Understanding attack origins can help strengthen defenses in high-risk regions.
DDoS attack frequency increases to new high
The report highlights a sustained increase in attack frequency. Compared to Q3–Q4 2023, DDoS attacks have risen by 56%, underscoring the long-term growth trend.
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7Svdk8SlQ-PT7zFlLi8sIaaErNes6xE70iDbU1eux9VD6-OkNOr_lGCMuTJiRCaKVo7xc7vEr-yK-YCyVG8gs3hHwIprM6tPsBBYW9GIPU1MGcl-Jx2WhVfTHTxyGYxtc-0TalhB-GhtJjCFn7zIYI4QDgrHowoZpnTK6MYRSXczN6TD54LkIItPmAGE/s728-rw-e365/1.png)
Gcore identifies several technological and environmental factors that are likely contributing to the rising number of attacks:
- Easy access to attack tools: DDoS-for-hire services and botnets have lowered the barrier for launching attacks.
- Expanding IoT vulnerabilities: Poorly secured IoT devices continue to fuel larger botnets.
- Geopolitical and economic tensions: Political conflicts and financial motivations drive targeted attacks.
- More sophisticated attack strategies: Multi-vector and application-layer attacks make mitigation more difficult.
Largest attack reaches 2 Tbps
The largest recorded attack in Q3–Q4 2024 hit 2 Tbps, targeting a major global gaming company. This represents an 18% increase from the previous peak of 1.7 Tbps in Q1–Q2 2024.
While large-scale attacks like these are often mitigated quickly, their destructive potential continues to grow. Terabit-level attacks can cause widespread service outages and financial losses, particularly for businesses reliant on real-time operations.
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5UykitoN7TTwGqAEX6J8QiISFeyzRL66HoqoRompADbmmYLkWVTer4VjvGK39bEglkIddw5NU3Q-o__nCXJGj0B0RYKcJE9FYuLxdVNnAOYygtPOlkoCRauphSnzE1bfX0kv1I_qtKdoGkKEP8Vny7Odx8gKfZjONqDjQzrYCeMCkPI61SwUBgVydwes/s728-rw-e365/2.png)
Financial services face attack surge, but gaming remains the top target
Gaming remains the most-attacked sector, though its share of total attacks dropped from 49% in Q3–Q4 2023 to 34%. Possible explanations include:
- Improved DDoS protection forcing attackers to shift focus
- Ongoing motivation for attacks due to competitive gaming and financial incentives
- High revenue impact from service downtime
Also notable is the uptick in attacks on financial services, rising from 12% to 26% of total incidents. The sector’s heavy regulation, critical online services, and susceptibility to ransom-based attacks make it a prime target.
The full Gcore Radar report shares industry data for media and entertainment, retail, telecommunications, technology, and other industries.
Rise of ACK floods and shorter bursts
The distribution of DDoS attacks across the network and application layers during H2 2024 highlights a greater prevalence of network-layer attacks.
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL8DY07jz3YZ0I3LSVBNtygYHnDKdAfN7s5fE7JVnJ26YLHYZwgda9uGewQM00EtvBPakhMBefXwOe9KHWIPrZxK14Oy-BMXvW91a-oq5oXkvhfdLhWE_LofOPZJkrmXQkdpMVksy0MqsKGRzGu9AK1a7TuyMYRJ7wFEe-pccByayOcX379z8bgnmSXqo/s728-rw-e365/3.png)
At the network layer, UDP flood attacks remain the most common method, accounting for 60% of all network-layer attacks. However, ACK flood attacks are on the rise, now making up 7% of total attacks. These attacks mimic legitimate traffic, making mitigation more challenging.
At the application layer, L7 UDP flood attacks accounted for 45%, while L7 TCP flood attacks rose to 37%. Gcore notes that the latter is gaining traction due to its ability to evade traditional filtering mechanisms.
Shorter but more disruptive attacks
One of the most notable shifts is the decrease in attack duration. The longest recorded attack in Q3–Q4 2024 lasted just five hours, compared to 16 hours in the previous period.
Shorter, high-intensity burst attacks are becoming more common. These attacks:
- Disrupt services quickly while avoiding sustained detection.
- Mimic legitimate traffic patterns, making mitigation more complex.
- Serve as smokescreens for other cyberattacks, including ransomware.
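The following added example (not part of the Gcore report or this article) shows why a short burst can slip past rate detection that averages over a long window. The traffic series, the 5x-baseline threshold, and the window lengths are all constructed assumptions for illustration.

```python
from collections import deque

# Constructed values for illustration only; not taken from the report.
BASELINE_PPS = 1_000                # normal packets per second
BURST_PPS = 50_000                  # packets per second during the burst
BURST_START, BURST_LEN = 300, 20    # burst begins at t=300 s and lasts 20 s
THRESHOLD_PPS = 5 * BASELINE_PPS    # assumed alert threshold on the window mean

def build_series(total_seconds=600):
    """Per-second packet counts: flat baseline with one short burst."""
    end = BURST_START + BURST_LEN
    return [BURST_PPS if BURST_START <= t < end else BASELINE_PPS
            for t in range(total_seconds)]

def scan(series, window, threshold=THRESHOLD_PPS):
    """Slide a trailing window of `window` seconds over the series.

    Returns (first_alert_second, peak_window_mean). The alert second is
    None if the window mean never exceeds the threshold.
    """
    recent, total, alert, peak = deque(maxlen=window), 0, None, 0.0
    for t, pps in enumerate(series):
        if len(recent) == window:
            total -= recent[0]      # value about to be evicted by append()
        recent.append(pps)
        total += pps
        if len(recent) < window:
            continue                # wait until the window is full
        mean = total / window
        peak = max(peak, mean)
        if alert is None and mean > threshold:
            alert = t
    return alert, peak

if __name__ == "__main__":
    series = build_series()
    for window in (10, 60, 300):
        alert, peak = scan(series, window)
        delay = "never" if alert is None else f"{alert - BURST_START} s after onset"
        print(f"{window:>3} s window: peak mean {peak:>8.1f} pps, alert {delay}")
```

With these numbers the 300-second window dilutes the 20-second burst below the threshold, while the 10-second window alerts in the first second of the burst.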
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN-jpGk2sKWym1CPgSHi0tUwuSPpeb6-MKRU3JEkz21duJBvt6fxB1QCVUW4gxmm7VndlvhfecIrjNfYyJxh7jEFxn6LHAZ5XZhwy4HUqaZd2fI2NoJGnnDn1XsE99gYE_wmcbhpNl9OGQ6VCEOSEdzAFuodDzdxIaSJii1EUtUZ13JhN8tbT-Lp04e3w/s728-rw-e365/4.png)
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih1BSo-3eDx6rpqZQu5-qwI0Xp7NuSnE7z8B2JvvnFqlCUqejXLyttf8OJQch44F8XE-3C9VitDel5RUpSAWrCUOZr6ky2Yu5iVdvyBzKWUFHoS2_MJHjUF0oKcQwr8B_KI1y5f5LrjqaOvvRIjfPYsnnZS4sd3LY4juuxPF1R4kFU1pUx1VmCzVAci4c/s728-rw-e365/5.png)
Geopolitical influences
Geopolitical tensions and economic rivalries continue to shape the DDoS landscape, with politically motivated attacks targeting financial services, critical infrastructure, and high-value enterprises. Meanwhile, regions with dense internet infrastructure—such as the Netherlands, the US, and China—serve as both launch points and battlegrounds for cybercriminal groups leveraging botnets, proxy networks, and DDoS-for-hire services.
The report identifies key regions contributing to DDoS attack traffic:
- The US and the Netherlands are top sources for both attack layers.
- Brazil is a growing hub for network-layer attacks.
- China and Indonesia both contribute significantly to global attack volumes.
![Gcore DDoS Radar Gcore DDoS Radar](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMArGEzMnhNGVwAlvle4EOMcdH6GrLQHOi-zrDBNRPcvrBWX3u8-QLXn10mAMihloizZ33JS2PaCY4NlIksIuhoQV7bCOEPqtpjVhISBTfp5Yk9JWc_1MMGdom1anCkSBvBf9HeEQNd_nuqb05Gkp8xvjLuEsDRVY1srDAXe2RJhcl1bs35Db8V-eRivM/s728-rw-e365/6.png)
Download the full report for application-layer attack geographic data.
Gcore DDoS Protection: mitigating the new wave of attacks
Gcore DDoS Protection leverages 200+ Tbps filtering capacity across six continents to neutralize attacks in real time. As DDoS threats evolve, organizations must adopt proactive defense strategies to safeguard their digital assets.
Note: This article is expertly written and contributed by Andrey Slastenov, Head of Security at Gcore.