Cloudflare Report on DDoS Attack Trends

Cloudflare, Inc. has released its sixteenth edition of the 2023 Q4 DDoS report, highlighting key insights into the DDoS threat landscape observed across its global network—one of the world’s largest.

Key Findings:

1. In Q4, Cloudflare recorded a 117% year-over-year increase in network-layer DDoS attacks. DDoS activity also rose overall, specifically targeting retail, shipment, and public relations websites during Black Friday and the holiday season.
2. DDoS attack traffic targeting Taiwan experienced a significant 3,370% growth compared to the previous year, linked to the upcoming general election and reported tensions with China. Additionally, DDoS attacks targeting Israeli and Palestinian websites increased, with a 27% quarter-over-quarter rise for Israel and a substantial 1,126% quarter-over-quarter increase for Palestine amid the ongoing conflict.
3. There was an astonishing 61,839% surge in DDoS attack traffic targeting Environmental Services websites in Q4, coinciding with the 28th United Nations Climate Change Conference (COP 28).

Hyper-volumetric HTTP DDoS Attacks:

In 2023, the Internet faced unprecedented challenges with DDoS attacks reaching new heights in size and sophistication. Cloudflare encountered a campaign of hyper-volumetric DDoS attacks at rates never seen before. These attacks, exploiting an HTTP/2 vulnerability, culminated in the mitigation of the largest attack ever seen in Q3—201 million requests per second, almost 8 times larger than the 2022 record.

Growth in Network-layer DDoS Attacks:

Following the hyper-volumetric campaign, Cloudflare observed a 20% decrease in HTTP DDoS attacks compared to 2022. However, there was an 85% increase in network-layer DDoS attacks, with Cloudflare’s automated defenses mitigating 8.7 million such attacks in 2023.

DDoS Attacks During COP 28:

In the final quarter of 2023, there was a significant shift in cyber threats. The Environmental Services industry witnessed a staggering 618-fold increase in HTTP DDoS attacks during COP 28, highlighting an alarming trend at the intersection of environmental issues and cybersecurity.

DDoS Attacks and Iron Swords:

DDoS attacks played a role in the Ukraine-Russia war and the Israel-Hamas conflict. Operation “Iron Swords” in the Israel-Hamas war saw DDoS attacks targeting both sides. Palestinian Banking websites were the primary target (90%), while Israeli Newspaper & Media sites received almost 40% of all Israel-bound HTTP DDoS attacks.

HTTP DDoS Attacks:

• Top Origins: The US replaced China as the largest source of HTTP DDoS attack traffic since Q4 2022. China and the US together account for over a quarter of all global HTTP DDoS attack traffic.
• Most Attacked Industries: Cryptocurrency was the most attacked industry by volume, followed by Gaming & Gambling.
• Most Attacked Countries: Singapore, the US, and Canada were the top three targets of HTTP DDoS attacks in Q4, with Taiwan ranking fourth.

Network Layer DDoS Attacks:

• Target Countries: China was the most attacked country, constituting 45% of all network-layer DDoS traffic mitigated by Cloudflare globally.
• Most Attacked Industries: Public Relations and Communications, with 36% of its traffic being malicious.

Attack Vectors and Attributes:

The majority of DDoS attacks are short and small, but even these can disrupt unprotected websites. Mirai-variant botnets remain common, with 3% of attacks originating from Mirai. DNS-based attacks, including DNS Floods and DNS Amplification, account for almost 53% of all attacks in Q4. SYN Flood follows in second and UDP floods in third.

Bashar Bashaireh, Managing Director & Head of Sales – Middle East and Türkiye at Cloudflare, emphasized the company’s commitment to a secure, performant, and available internet for all, highlighting their unmetered DDoS protection since 2017.