Cloudflare, Inc., a global security, performance, and reliability company, has released its 2024 Q4 DDoS report, providing critical insights into the evolving DDoS threat landscape. Cloudflare, one of the world’s largest networks, continues to monitor and defend against massive cyberattacks across the globe.
Key Findings from the 2024 Q4 DDoS Report:
Increased Attack Volume: Cloudflare’s autonomous DDoS defense systems blocked approximately 21.3 million DDoS attacks in 2024, marking a 53% increase from 2023. This translates to an average of 4,870 attacks blocked every hour.
Hyper-Volumetric Attacks Surge: Over 420 DDoS attacks in Q4 surpassed 1 billion packets per second (pps) and 1 Terabit per second (Tbps). The number of attacks exceeding 1 Tbps grew by an astounding 1,885% quarter-over-quarter.
Record-Breaking Attack: Cloudflare’s systems successfully blocked a massive 5.6 Tbps DDoS attack during the Halloween week, setting a new record for the largest attack ever detected.
DDoS Attack Breakdown:
HTTP DDoS Attacks: 73% of HTTP DDoS attacks originated from known botnets, with 11% pretending to be legitimate browsers and another 10% exhibiting suspicious HTTP attributes.
HTTPS Dominance: Nearly 94% of legitimate web traffic in Q4 was encrypted via HTTPS, with 92% of HTTP DDoS attacks occurring over HTTPS.
Layer 3/Layer 4 DDoS Attacks: The most common attack vectors at the network layer were SYN floods (38%), DNS flood attacks (16%), and UDP floods (14%). A variant of the Mirai botnet was responsible for the largest DDoS attack on record in Q4.
Hyper-Volumetric Attacks: Attacks exceeding 1 Tbps increased by 1,885% compared to Q3, with a 175% rise in attacks exceeding 100 million pps.
DDoS Attack Characteristics:
Size and Duration: While 63% of HTTP DDoS attacks did not exceed 50,000 requests per second, 3% surpassed 100 million requests per second. Most attacks, both HTTP and network layer, lasted under 10 minutes.
Geographical Sources and Targets: Indonesia remained the largest source of DDoS attacks, followed by Hong Kong and Singapore. The top targeted countries were China, the Philippines, and Taiwan.
Most Attacked Industries: The Telecommunications, Service Providers, and Carriers sector was the most targeted in Q4, followed by the Internet industry and Marketing & Advertising.
Ransom DDoS Attacks: Cloudflare observed a surge in ransom DDoS attacks in Q4, with 12% of targeted customers reporting ransom demands, representing a 78% increase from the previous quarter.
Bashar Bashaireh, VP – Middle East, Türkiye & North Africa at Cloudflare, commented, “Organizations must adopt proactive security strategies. Our 321 Tbps network across 330 cities globally is built to provide unmetered and unlimited DDoS protection, regardless of the attack’s size or duration. We remain dedicated to defending our customers against evolving threats.”
Cloudflare’s ongoing investment in automated defenses highlights the importance of early detection and mitigation of DDoS attacks. The company continues to lead in providing proactive protection across its extensive network, shielding businesses from the growing cyber threat landscape.
