DUBAI, UAE, 10th February, 2025: Cloudflare, Inc., the security, performance, and reliabilitycompany helping to build a better Internet, has announced its 2024 Q4 DDoS report. Thisreport includes insights and trends about the DDoS threat landscape — as observed acrossthe global Cloudflare network, which is one of the largest in the world.Key findings• In 2024, Cloudflare’s autonomous DDoS defense systems blocked around 21.3million DDoS attacks, representing a 53% increase compared to 2023. On average,in 2024, Cloudflare blocked 4,870 DDoS attacks every hour.• In the fourth quarter, over 420 of those attacks were hyper-volumetric, exceedingrates of 1 billion packets per second (pps) and 1 Tbps. Moreover, the amount ofattacks exceeding 1 Tbps grew by a staggering 1,885% quarter-over-quarter.• During the week of Halloween 2024, Cloudflare’s DDoS defense systemssuccessfully and autonomously detected and blocked a 5.6 Terabit per second(Tbps) DDoS attack — the largest attack ever reported.HTTP DDoS attacksThe majority of the HTTP DDoS attacks (73%) were launched by known botnets. Anadditional 11% were HTTP DDoS attacks that were caught pretending to be a legitimatebrowser. Another 10% were attacks which contained suspicious or unusual HTTP attributes.The remaining 8% “Other” were generic HTTP floods, volumetric cache busting attacks, andvolumetric attacks targeting login endpoints.HTTP vs. HTTPSIn Q4, almost 94% of legitimate traffic was HTTPS. Only 6% was plaintext HTTP (notencrypted). Looking at DDoS attack traffic, around 92% of HTTP DDoS attack requests wereover HTTPS and almost 8% were over plaintext HTTP.Layer 3/Layer 4 DDoS attacksThe top three most common Layer 3/Layer 4 (network layer) attack vectors were SYNflood (38%), DNS flood attacks (16%), and UDP floods (14%). An additional common attackvector, or rather, botnet type, is Mirai. Mirai attacks accounted for 6% of all network layerDDoS attacks — a 131% increase QoQ. In 2024 Q4, a Mirai-variant botnet was responsiblefor the largest DDoS attack on record.Hyper-volumetric DDoS attacksIn 2024 Q3, Cloudflare started seeing a rise in hyper-volumetric network layer DDoS attacks.In 2024 Q4, the amount of attacks exceeding 1 Tbps increased by 1,885% QoQ and attacksexceeding 100 Million pps (packets per second) increased by 175% QoQ. 16% of theattacks that exceeded 100 Million pps also exceeded 1 Billion pps.Attack sizeThe majority of HTTP DDoS attacks (63%) did not exceed 50,000 requests per second. Onthe other side of the spectrum, 3% of HTTP DDoS attacks exceeded 100 million requests
per second. Similarly, the majority of network layer DDoS attacks are also small. 93% did notexceed 500 Mbps and 87% did not exceed 50,000 packets per second.Attack durationThe majority of HTTP DDoS attacks (72%) end in under ten minutes. Approximately 22% ofHTTP DDoS attacks last over one hour, and 11% last over 24 hours. Similarly, 91% ofnetwork layer DDoS attacks also end within ten minutes. Only 2% last over an hour.Attack sourcesIn the last quarter of 2024, Indonesia remained the largest source of DDoSattacks worldwide for the second consecutive quarter. Hong Kong came in second, havingmoved up five spots from the previous quarter. Singapore advanced three spots, coming inthird place.Target of attacksIn 2024 Q4, China maintained its position as the most attacked country. Philippines makesits first appearance as the second most attacked country in the top 10. Taiwan jumped tothird place, up seven spots compared to last quarter.Most attacked industriesIn the fourth quarter of 2024, the Telecommunications, Service Provider and Carriersindustry jumped from the third place (last quarter) to the first place as the industry that’smost targeted by DDoS attacks. The Internet industry came in second, followed byMarketing and Advertising in third.Ransom DDoS attacksIn the final quarter of 2024, as anticipated, Cloudflare observed a surge in Ransom DDoSattacks. This spike was predictable, given that Q4 is a prime time for cybercriminals, withincreased online shopping, travel arrangements, and holiday activities. In Q4, 12% ofCloudflare customers that were targeted by DDoS attacks reported being threatened orextorted for a ransom payment. This represents a 78% QoQ increase and 25% YoY growthcompared to 2023 Q4.Commenting on the report, Bashar Bashaireh, VP – Middle East, Türkiye & North Africa atCloudflare, says: “Too many organizations only implement DDoS protection after suffering anattack. Our observations show that organizations with proactive security strategies are moreresilient. At Cloudflare, we invest in automated defenses and a comprehensive securityportfolio to provide proactive protection against both current and emerging threats. With our321 Tbps network spanning 330 cities globally, we remain committed to providing unmeteredand unlimited DDoS protection no matter the size, duration and quantity of the attacks.”Note: Dive into the full report here.-Ends-
Q4 2024 DDoS Attack Trends – Cloudflare Report
