DDoS attack power skyrockets to 1.6 Tbps

DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore.

The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular at 16% and 12% of the total, respectively.

All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, accounted for a mere 10% combined. While some attackers may use these more sophisticated approaches, the majority are still focused on delivering sheer packet volume to take down servers.

DDoS attacks rise in H2 2023

This global spread of attack sources demonstrates the borderless nature of cyber threats, where attackers operate across national boundaries. Gcore identified diverse attack origins in the latter half of 2023, with the US leading at 24%. Indonesia (17%,) the Netherlands (12%,) Thailand (10%,) Colombia (8%,) Russia (8%,) Ukraine (5%,) Mexico (3%,) Germany (2%,) and Brazil (2%) make up the top ten, illustrating a widespread global threat.

The geographic distribution of DDoS attack sources provides important information for creating targeted defense strategies and for shaping international policy-making aimed at combating cybercrime.

However, determining the location of the attacker is challenging due to the use of techniques like IP spoofing and the involvement of distributed botnets. This makes it difficult to assess motivations and capabilities, which can vary from state-sponsored actions to individual hackers.

The most-attacked business sectors were gaming (46%), financial (including banks and gambling services) (22%) and telecom (18%). In Q3/Q4, the longest attack duration lasted 9 hours, and the average length of attack was approximately an hour.

The past three years have brought about a >100% annual increase in DDoS peak (registered maximum) attack volume:

• In 2022, the peak capacity of DDoS attacks increased from 300Gbps (2021) to 650 Gbps
• In Q1–Q2 of 2023, it increased again to 800 Gbps
• In Q3–Q4 of 2023, it rocketed to 1600 Gbps (1.6 Tbps)

DDoS threats require international collaboration

The jump in H2 of 2023 has resulted in the cybersecurity industry now measuring DDoS attacks in a new unit, terabits. For comparison, even a “humble” 300 Gbps attack is capable of disabling an unprotected server. Paired with the geographical distribution of attack sources, it’s clear that DDoS threats are a serious and global issue, necessitating international cooperation and intelligence sharing to mitigate potentially devastating attacks effectively.

This escalation illustrates a significant and ongoing rise in the potential damage of DDoS attacks which, according to Gcore, is a trend that it expects to see continue in 2024.

According to Gcore’s statistics, in Q3-Q4 of 2023, UDP floods continue to dominate having become more popular amongst attackers in H1 of 2023. TCP floods and ICMP attacks have jumped into second and third place respectively.

There was a decrease in the number of SYN flood attacks from 24% in H1 of 2023, seeing SYN, SYN+ACK floods, and RST Floods making up the remaining types of attack in Q3/Q4.

“The exponential surge in attack power and variation in attack methods that we saw in the second half of 2023 illustrates how sophisticated cyber attackers are becoming. It’s more essential than ever for organisations to adopt a multifaceted defence strategy that can protect against a range of DDoS techniques. Failure to address these evolving threats can result in costly disruptions, reputational damage, loss of customer trust, and security breaches,” said Andrey Slastenov, Head of Security Department at Gcore.

“The increase in attack power to 1.6 Tbps is particularly alarming, signalling a new level of threat for which organisations must prepare. Paired with the geographical distribution of attack sources, it’s clear that DDoS threats are a serious and global issue, necessitating international cooperation and intelligence sharing to mitigate potentially devastating attacks effectively,” concluded Slastenov.