Cloudflare, Inc., a prominent company dedicated to enhancing internet security, performance, and reliability, has unveiled its report on DDoS (Distributed Denial of Service) trends for the third quarter of 2023. This comprehensive report provides valuable insights into the evolving DDoS threat landscape, as observed across Cloudflare’s vast global network, spanning more than 300 cities in over 100 countries. Within this network, Cloudflare handles over 64 million HTTP requests per second at peak times and approximately 2.3 billion DNS queries daily, effectively mitigating a staggering 140 billion cyber threats each day. This wealth of data uniquely positions Cloudflare to comprehend the DDoS threat landscape and share actionable insights with the community.
Recent weeks have witnessed a surge in DDoS attacks and other cyber assaults targeting Israeli newspaper and media websites, financial institutions, government websites, and Palestinian websites. The report provides in-depth coverage of these developments.
Key Highlights from the DDoS Landscape in Q3:
1. Unprecedented Attack Campaigns: In the third quarter of 2023, Cloudflare encountered one of the most sophisticated and relentless DDoS attack campaigns in recorded history.
2. Hyper-Volumetric HTTP DDoS Attacks: Cloudflare successfully mitigated thousands of these attacks, with 89 surpassing 100 million requests per second (rps), the largest peaking at a staggering 201 million rps—tripling the previous record of 71 million rps.
3. Surge in DDoS Traffic: The campaign contributed to a 65% increase in HTTP DDoS attack traffic during Q3, compared to the previous quarter. L3/4 DDoS attacks also witnessed a 14% uptick.
4. Top Targets: Gaming and gambling companies experienced the highest volume of HTTP DDoS attacks, overtaking the cryptocurrency industry from the previous quarter.
HTTP DDoS Attacks:
– Last quarter, the volume of HTTP DDoS attacks increased by 15% quarter-over-quarter (QoQ). In Q3, it surged by 65% QoQ, reaching an astonishing total of 8.9 trillion HTTP DDoS requests automatically detected and mitigated by Cloudflare’s systems.
– The United States remained the largest source of HTTP DDoS attacks, with one out of every 25 requests originating from the US. China held the second position, while Brazil replaced Germany as the third-largest source of HTTP DDoS attacks.
– In terms of total attack traffic, the US was the primary target, with nearly 5% of all HTTP DDoS attacks directed at the US. Singapore ranked second, followed by China.
Regional Findings:
– Middle East: Retail companies faced the most attacks, followed by computer software companies and the gaming and gambling industry.
– Africa: The telecommunications industry, which held the top position in the past two quarters, dropped to fourth place. Media production companies were the most targeted, followed by the banking, financial services, and insurance (BFSI) industry, and gaming and gambling companies.
L3/4 DDoS Attacks:
– Cloudflare observed a minor 14% increase in L3/4 DDoS attacks. Approximately 36% of all L3/4 DDoS attack traffic originated from the US, with Germany and the UK ranking second and third, respectively.
– The information technology and internet industry were the most targeted, accounting for almost 35% of all L3/4 DDoS attack traffic (in bytes). Telecommunication companies followed with a 3% share, and gaming and gambling came in third, with BFSI in fourth place.
– For the second consecutive quarter, Chinese internet networks and services remained the primary target of L3/4 DDoS attacks, representing 29% of all attacks in Q3, with the US and Taiwan ranking second and third, respectively.
Top Attack Vectors:
– DNS-based DDoS attacks were the most common for the second consecutive quarter, constituting nearly 47% of all attacks—a 44% increase compared to the previous quarter. SYN floods and RST floods followed, along with UDP floods and Mirai attacks.
Ransom DDoS Attacks:
– Reports of ransom DDoS attacks continued to decrease in the past quarter, with approximately 8% of respondents reporting threats or incidents. This could be due to organizations refusing to pay ransoms or a seasonal trend.
– However, an increase in ransom DDoS attacks is expected during the months of November and December, as seen in Q4 data from the past three years.
Cloudflare’s Recommendations:
– To help organizations optimize their defenses against DDoS attacks, Cloudflare has provided a list of recommendations and step-by-step wizards for securing applications and preventing DDoS attacks.
Bashar Bashaireh, Managing Director & Head of Sales – Middle East and Türkiye at Cloudflare
“The importance of a multi-layered defense strategy and Cloudflare’s commitment to safeguarding a safer and more reliable digital environment. He reiterated their mission to build a better internet for all.”