DDoS Attacks Reach New Heights in 2024 Q4
Hyper-Volumetric Attacks Surge
Cloudflare reported a significant surge in hyper-volumetric attacks in the fourth quarter of 2024. According to their quarterly analysis, over 420 of these attacks exceeded rates of 1 billion packets per second (pps) and 1 Terabit per second (Tbps). One particular attack reached an astonishing 5.6 Tbps, making it the largest ever reported.
Almost Seven Million DDoS Attacks in the Quarter
Cloudflare mitigated 6.9 million DDoS attacks in 2024 Q4, representing a 16% quarter-over-quarter (QoQ) jump and an 83% year-over-year (YoY) increase. The majority of these attacks were Layer 3/Layer 4 DDoS attacks (49%), with the remaining 51% being HTTP DDoS attacks.
Connected Devices Most Targeted
The analysis found that connected devices were the most targeted, with HITV_ST_PLATFORM, the operating system tool for smart TVs and set-top boxes, being almost exclusively used in DDoS attacks. In fact, 99.9% of traffic coming from this user agent was found to be malicious.
New Mirai Botnet Variants Emerge
The report highlighted the emergence of new Mirai botnet variants, including Murdoc_Botnet, which has been targeting AVTech Cameras and Huawei routers using known vulnerabilities for initial access. Additionally, a new variant of the Mirai botnet was found to be used for zero-day attacks on industrial routers.
DDoS Attack Trends and Statistics
* 73% of HTTP DDoS attacks were launched by known botnets
* 11% of attacks pretended to be a legitimate browser
* 10% of attacks contained suspicious or unusual HTTP attributes
* 13 of the most commonly used user agents were outdated Chrome versions between 118 and 129
* GET requests accounted for 70% of HTTP methods, while POST requests accounted for 27%
Regional Breakdown of DDoS Attacks
According to Cloudflare’s analysis, the top five sources of DDoS attacks worldwide were:
* Indonesia
* Hong Kong
* Singapore
* Ukraine
DDoS Attack Motivations
A Cloudflare customer survey revealed that:
* 40% of DDoS attacks were launched by competitors
* 17% were launched by state-sponsored threat actors
* 14% were launched by financially motivated attackers
Conclusion
The surge in hyper-volumetric attacks and the emergence of new Mirai botnet variants highlight the growing threat landscape in the cybersecurity world. As the number of connected devices continues to rise, it is crucial for organizations to prioritize DDoS attack mitigation and implement robust security measures to protect against these types of attacks.
FAQs
Q: What is a hyper-volumetric attack?
A: A hyper-volumetric attack is a type of DDoS attack that exceeds rates of 1 billion packets per second (pps) and 1 Terabit per second (Tbps).
Q: What is the largest DDoS attack ever reported?
A: The largest DDoS attack ever reported was 5.6 Tbps, which was launched by a Mirai-variant botnet on October 29, 2024.
Q: What is the most common user agent used in DDoS attacks?
A: The most common user agent used in DDoS attacks is HITV_ST_PLATFORM, which is associated with smart TVs and set-top boxes.
Q: What is the primary motivation behind DDoS attacks?
A: According to Cloudflare’s customer survey, the primary motivations behind DDoS attacks are competitors (40%), state-sponsored threat actors (17%), and financially motivated attackers (14%).
