Who is DDoSing you? Rivals, probably, or cheesed-off users

Plus: 'Largest-ever' duff traffic tsunami clocks in at 5.6 Tbps


In addition to Chinese spies invading organizations' networks and ransomware crews locking up sensitive files, botnets blasting distributed denial of service (DDoS) attacks can still cause a world of hurt — and website downtime — and it's quite likely your competitors are to blame.

Cloudflare, in its most recent quarterly DDoS trends report, claims to have blocked 21.3 million of these junk-traffic assaults in 2024, a 53 percent jump compared to the year before. It also says it thwarted the largest-ever DDoS attack, clocking in at 5.6 terabits per second, but more on that in a minute.

What's more interesting is who is launching these attacks.

Most of the CDN giant's customers who were DDoSed last year told Cloudflare they didn't know who attacked them. The ones that did know, however, claimed their competitors were the top culprits (40 percent).

After competitors, state-sponsored crews were reportedly behind 17 percent of attacks, with a similar percentage coming from "a disgruntled user or customer."

Finally: 14 percent claimed an extortionist was responsible for a DDoS incident, seven percent admitted it was self-inflicted, and two percent each blamed hacktivists and former employees.

But now, back to the largest-ever DDoS attack, according to Cloudflare.

Record makin' and record breakin'

This one, which happened close to Halloween, came from a Mirai-variant botnet built from more than 13,000 IoT devices, the CDN titan claimed. It lasted only 80 seconds and spewed 5.6 terabits of junk traffic per second, according to Cloudflare.

The DNS provider said it thwarted the attack against an unnamed internet service provider in Eastern Asia on October 29. And despite the deluge of packets spamming the unnamed ISP, Cloudflare bragged the UDP-based DDoS assault didn't affect the customer at all. 

Stopping the traffic tsunami required zero human intervention (it was apparently detected and blocked autonomously) and didn't cause any performance degradation or affect any of the ISP's systems, we're told.

This broke the previous public record for largest-ever DDoS incident: A 3.8 Tbps attack, which Cloudflare also boasted about auto-detecting and mitigating.

It also reflects trends in DDoS attacks, which Cloudflare has been documenting quarterly since 2020, and the short version is: They are getting bigger and badder.

In 2024, Cloudflare blocked about 21.3 million DDoS attacks, a 53 percent jump compared to 2023, the biz reported in its most recent DDoS trends report.

In the fourth quarter alone, Cloudflare said it beat back 6.9 million of these, which translates to a 16 percent increase compared to Q3 of 2024 and an 83 percent year-over-year increase. Plus, more than 420 of these in Q4 were hyper-volumetric, meaning they exceeded 1 billion packets per second and 1 Tbps. In fact, the number of attacks that topped 1 Tbps increased 1,885 percent quarter-over-quarter, or so Cloudflare says.

Of the Q4 attacks, 49 percent (3.4 million) were OSI layer 3 and 4 DDoS attacks, and 51 percent (3.5 million) were HTTP-level DDoS attacks.

The majority of these HTTP attacks were launched by known botnets.

Ransom attacks surge

Another trend Cloudflare noted in its quarterly report: DDoS attacks are becoming shorter, meaning it's difficult — or impossible — for humans to manually respond to an alert, analyze the traffic, and block the network flood by hand.

This, of course, is rather self-serving as Cloudflare provides autonomous DDoS mitigation. But still, it's interesting to note that 72 percent of HTTP-based attacks end in under ten minutes. For the record: 22 percent last over an hour and 11 percent more than 24 hours. Again, all according to Cloudflare.

Another interesting tidbit from the report: Cloudflare documented a spike in DDoS attacks in Q4 that required a ransom to end, with 12 percent of customers targeted by traffic-flooding attacks also reporting that these were accompanied by an extortion demand for a ransom payment.

This is a 78 percent spike compared to Q3, and a 25 percent increase year over year. ®
