We are reader supported and sometimes earn a commission if you buy through a link on our site.

DDoS Attack Statistics, Facts, and Figures for 2024

Distributed Denial of Service (DDoS) attacks are a popular tool among online troublemakers. But just how bad is it?

Distributed Denial of Service (DDoS) attacks have long been a favorite tool for online extortionists and troublemakers.

In a DDoS attack, a botnet (a network of private computers being remotely controlled by malicious software and without their owners’ knowledge) is used to overwhelm a server or other online target with bogus requests, which either greatly slows down site performance or completely shuts down the target’s ability to service the requests.

In other words, bad guys can take control of your security cam, internet-connected refrigerator, and other connected devices, and tell them to send data requests to a targeted server (belonging to Amazon, for example), overwhelming it. (Think of rush hour in Los Angeles. Everyone tries to drive on the 5 freeway at once, leading to an overall traffic jam.)

In the past, DDoS attacks have targeted corporate sites to force the victim to pay a ransom to obtain relief from the attack. However, in this, the year of the U.S. presidential election and the year of the COVID-19 coronavirus pandemic, the targets, and intentions behind the attacks have changed somewhat.

In this article, we’ll examine the current status of DDoS attacks on the web, how they’ve grown, and how they have changed during the last year or so. We’ll take a look at the how, why, and when of such attacks, as well as the costs and damages.

1. DDoS Attacks Periodically Change Target Focus

2020 was an election year and was also the first full year of the COVID-19 pandemic. This led to a change in the focus of DDoS attacks during the first half of that year.

New election-year-related attack targets have included a U.S. voter registration and information website that was hit in early February. Luckily, the website was well protected against DDoS attacks, and this attack failed.

During 2020, due to the COVID-19 pandemic, much of the world’s day-to-day activities shifted to the internet. This included work, shopping, food delivery, school work, recreation like streaming video and playing games, and much more. (Many folks still work remotely, even though many companies have begun telling their employees to return to the office.)

Another reason for the increased use of the internet was that people were searching for information about COVID-19. This made government and health-related websites an attractive target for DDoS attackers.

In mid-March 2020, attackers attempted to overrun the official website of the U.S. Department of Health and Human Services (HHS). The attempt was apparently designed to take down a source of official data about the pandemic, while other bad actors spread misinformation about COVID-19 via text messages, email, and social networks.

However, the fine IT folks responsible for the HHS website were ready for such an attack, and it failed.

Similar attacks hit other health-related organizations in other parts of the world, as the Paris-based group of hospitals Assistance Publique-Hôpitaux de Paris was hit by a DDoS attack designed to take down the infrastructure of the organization.

While remote workers were unable to use corporate apps and email for a while, the attack failed to take down the entire organization.

DDoS attacks hit at least two food delivery services (Lieferando in Germany and Thuisbezorgd in the Netherlands). Both companies were still able to take orders, but were unable to process the orders and had to return their customers’ money. The cybercriminals responsible for the Lieferando attack demanded 2 Bitcoin (BTC) to put a halt to the attack.

Online games were also not immune to the attacks, as DDoS traffic hit both Battle.net and Eve Online during the first quarter of 2020. Eve Online was under attack for nine straight days.

Cybersecurity researchers are also becoming targets of DDoS attacks. In 2016, prominent security researcher Brian Krebs was the target of a tremendous DDoS attack, which came close to disrupting his website’s ability to service requests. Only a valiant attempt by his web provider, Akamai, was able to fend off the nearly overwhelming attack. More about that later.

2. Financial Services Continue to Be Popular DDoS Victims

Financial services have continued to be popular targets for DDoS threats. Late February 2020 saw several Australian financial institutions receiving emails that threatened attacks unless a ransom was paid in cryptocurrency. Institutions in Singapore, South Africa, and other countries received similar emailed threats.

From March to June 2020, phishing and ransomware attacks targeting banks grew by 520% compared to the March to June 2019 period.

3. DDoS Attacks Expected to Continue to Increase

The 2023 Imperva Global DDoS Threat Landscape Report says application layer DDoS attacks increased by 82% in 2022, compared to 2021. Notably, DDoS attacks on the financial services sector grew by 121% year-over-year.

A series of 2018 FBI crackdowns on DDoS-for-hire services closed down 15 such services, resulting in a substantial drop in attacks. However, much like Marvel’s fictional group of bad guys called Hydra, when you cut the head off of a DDoS group, two seem to take its place.

4. DDoS Attacks Can Eat Up Bandwidth – a Lot of Bandwidth

This may seem like a fact to be filed under “D” for “DUH!”, but you may not realize exactly how much internet traffic a DDoS attack can generate. Such attacks are a massive threat to a country’s internet infrastructure, and they continue to grow.

DDoS attacks can represent up to 25% of a country’s total internet traffic when they are in progress. For example, the largest DDoS attack in Q1 2019 was 587 GB in volume, compared to the largest Q1 2018 attack which amounted to 387 GB in volume. Please note, these numbers are for a single DDoS attack.

5. DDoS Attacks Benefit From the Increasing Number of Internet of Things Devices

It is expected that by 2030 the number of Internet of Things (IoT) devices in the United States will hit 25.4 billion. The average number of connected devices per household in 2022 is 22 devices. By 2025, it is expected that 75.44 billion IoT devices will be installed globally.

Why is this important? Because IoT devices (such as security cams, smart thermostats, refrigerators, baby monitors, and more) are notoriously unsecure.

Users often fail to change the default administrator password, or flaws in the firmware of such devices leave them open to hackers who enroll the devices into botnets that are used to overwhelm DDoS attack targets.

A10 Networks claims it has tracked over 20.3 million DDoS weaponized devices, which includes infected IoT devices, as well as infected computers and servers.

6. China and the United States Were the Most Popular DDoS Attack Targets

During the third quarter of 2022, China and the United States were the two top targets for DDoS attacks. Attacks on US-based websites increased 60% quarter-over-quarter and 105% year-over-year. After the US was China with a 332% increase quarter-over-quarter and an 800% increase year-over-year.

HTTP DDoS attacks targeting Taiwan and Japan surged in the third quarter of 2022, with Taiwan targeting increasing by 200% quarter-over-quarter, while attacks targeting Japan increased by 105% quarter-over-quarter.

Meanwhile, the Ukraine/Russia war led to attacks on Ukrainian websites increasing 67% quarter-over-quarter. However, the attacks actually decreased by 50% year-over-year. Attackers also took shots at Russian websites as attacks increased by 31% quarter-over-quarter and 2,400% year-over-year.

7. China and the United States Are Also the Most Popular DDoS Launchpads

China and the United States might have been the two top attack targets, but they were also the top two homes for DDoS attack originations.

A10 Networks says that in 2022, China hosted the most DDoS weapons, with over two million amplification weapons and botnet agents. The U.S. was home base for more than 1.8 million weapons and botnet agents. South Korea, Italy, and Russia filled out the top five DDoS launchpads, with 1.3 million, 974,000+, and 810,000, respectively.

8. India and China Are the Most Popular Botnet Hubs

The Spamhaus Project says that as of February 2023, the country with the most botnets is India, with more than 775,000 botnets, while China ranks second with nearly 773,000 botnets. The United States was a distant third, with nearly 307,000 botnets.

Numerous autonomous system number (ASN) operators – mostly Internet Service Providers – showed large numbers of infected IP addresses due to extensive botnet malware. The top five infected ASN operators were located in China, India, Egypt, and Vietnam.

9. DDoS Attack Expenses for Victims Continue to Mount

DDoS attack victims continue to face rising costs associated with the attacks. A recent survey by web analytics firm Neustar of 1,000 executives from enterprise firms revealed that DDoS attacks are on the rise, and businesses are forced to pay more to repair the damage, even as they are losing increasing amounts of money due to online service disruptions.

84% of survey respondents say they have experienced at least one DDoS attack in the 12 months preceding the survey. That’s an 11% increase over the previous year.

86% of participants say they had been the victim of multiple DDoS attacks in the previous 12-month period. 63% said the loss of revenue experienced by DDoS attacks can be more than $100,000 an hour.

Over 45% of businesses that responded in a separate survey by Corero say they believe the loss of consumer confidence is the worst result of DDoS. The loss of confidence can cause customers to move to competitors, making it difficult to determine the overall financial impact of such attacks.

10. Bad Actors Are Using New Techniques to Perform Attacks

The bad guys are making use of numerous new techniques to disrupt businesses. These new approaches include Generic Routing Encapsulation (GRE)-based flood attacks, as well as Connectionless Lightweight Directory Access Protocol (CLDAP) reflection techniques.

Things are aggravated by the increased use of Internet of Things (IoT) devices in the enterprise. These are sometimes left unsecured, allowing them to be used as entry points to avoid business network defenses. The IoT devices become slave nodes, which are used in the DDoS traffic stream.

Multi-vector DDoS attacks are becoming more popular. These attacks combine different methods of attack into one quick attack, then repeat the attack shortly after. In 2022, Comcast Business said that it had mitigated 24,845 multi-vector DDoS attacks during 2021, which was a 47% increase over 2020. 69% of Comcast’s customers experienced DDoS attacks in 2021, and 55% of those attacks were of the multi-vector variety.

11. Tools Are Available to Ward Off DDoS Attacks

Earlier I told you about how cybersecurity researcher Brian Krebs saw his website become the target of a DDoS attack. While his web hosting service (Akamai) was able to turn back the attackers, the sheer size of the attack and the costs related to defending against it led to Akamai telling Krebs that it could not defend against another attack of that size.

Luckily, there are services available to enable websites to ward off DDoS attacks. For example, Google offers Project Shield, a free DDoS protection service designed to protect websites against such attacks. This is the service Krebs turned to for future protection against attacks.

Project Shield availability is limited to certain types of websites, including:

  • News or journalism
  • Human rights
  • Elections monitoring or information
  • Political organizations of certain countries (access is subject to local law)

Google does not accept applications from other types of websites, such as gaming, commercial, or personal sites.

Cloudflare offers paid DDoS protection, and Amazon Web Services offers its clients similar protection.

In Closing

As we’ve discovered, Distributed Denial of Service attacks are a problem that won’t be going away any time soon. As a matter of fact, the problem continues to grow with each passing year. Corporate IT providers will continue to face mounting pressure to prevent and resolve such attacks.

DDoS Attacks FAQs

Can a Firewall Stop a DDoS Attack?

While a firewall cannot stop a DDoS attack on its own, it can be a valuable tool in your DDoS prevention arsenal. Firewalls on their own cannot distinguish between malicious and legitimate traffic. DDoS attacks sometimes use HTTP floods, which are composed of legitimate HTTP sessions.

You should make use of other protections such as appliances that sit in front of firewalls, like those offered by Arbor, Fortinet, Check Point, Cisco and other vendors.

That said, you can configure your firewall to drop incoming ICMP packets or block UDP port 53 to block DNS responses from outside your network. This can help prevent some ping-based and DNS attacks.

Can a DDoS Attack Create a Data Breach?

While a DDoS attack is not a data breach on its own, it is a means to perform a breach. A DDoS attack should act as an alarm for IT professionals not only due to its ability to hamper network performance but also because it can lower a system’s ability to defend itself.

Many times, bad actors will launch a DDoS attack to mask a more deadly security breach. This is like a magician’s trick that draws attention to his left hand while his right one performs the sleight of hand required by the trick.

If a DDoS attack can down an intrusion prevention system or a firewall for only a few moments, that could be all the time needed for a bad guy’s data breach trick.

How Long Can a DDoS Last?

A DDoS attack can last from minutes to weeks.

According to a Kaspersky Lab report during the last quarter of 2018, one DDoS attack lasted 329 hours. (That’s almost two weeks.) During 2018, the average length of a DDoS attack more than doubled from the start of the year to its end (95 minutes to 218 minutes). Attacks are increasing in length due to the fact that they are becoming more complex and tougher to mitigate.

Does Changing Your IP Address Stop DDoS?

Changing your IP address can end a DDoS attack (at least temporarily). When requesting a new IP address from your provider, make sure you also send a DHCP release or renewal request as part of the process. Otherwise, you may receive the same IP address you had before.

Also, if you use a dynamic DNS service and the attack is directed at your hostname instead of the IP address, you may find that you are still under attack, as the hostname follows you to your new IP address.

How Frequent Are DDoS Attacks?

During 2022, organizations around the globe mitigated an average of 29.3 attacks per day during Q4 2022, which was 3.5 times more compared to the 8.4 attacks per day the organizations saw at the end of 2021.

The number of DDoS attacks grew 150% internationally when compared to 2021. The number of attacks in the Americas increased 212% compared to 2021.

Can a DDoS Attack Be Traced?

DDoS attacks have become tougher to trace thanks to the layers of bot armies that disguise the original source thanks to their use of encrypted and peer-to-peer connections.

That said, if a DDoS attacker has not properly masked their IP address, it could be possible to trace the attack back to them, but only in the time during or immediately following the attack. The longer an investigation takes to be initiated, the lower the chances of finding the originator of a DDoS attack.


Leave a Comment