Qrator Labs has submitted a quarterly report on DDoS attacks for 2024.
Qrator Labs has published a report "Overview of DDoS attacks by vectors in absolute and mixed values" for the first quarter of 2024. Experts have improved the method of collecting data on Internet threats, focusing only on serious DDoS attacks with an intensity of 1 Gbit/s. Low-intensity "white noise" up to 1 Gbit / s was excluded from the statistics.
After adjusting the methodology, the threat picture has changed significantly. Previously, the leading UDP flood lost its primacy, its indicator was 24.64%, which is 35.55% less compared to the previous quarter. The main type of attacks was IP fragmented flood, which occupies 40.76% of all attacks.
In total, the volume of mixed multi-vector attacks was 23.22%, which is almost twice as much as in the previous quarter. Experts attribute this primarily to an increase in available capacity. For experienced hackers and hacktivists, this makes it possible to organize a large number of attacks in the form of "carpet bombing".
Record indicators for the duration and intensity of attacks
The longest TCP attack was recorded in the e-commerce sector and lasted 464 hours, or almost three weeks. The UDP attack on the online betting segment was the most intense, reaching a peak capacity of 881.75 Gbit / s - a new record for the year. High intensity rates were also observed in the segments of online stores (686.6 Gbit / s) and hosting platforms (270.5 Gbit/s).
Industry-specific attack trends
In the first quarter, the leader in the number of attacks (25.26%) was e-commerce. The second place belongs to the Financial Technology segment - 22.63%. And in the third place – educational technologies – 13.16%.
The places in the micro-segment statistics were distributed as follows:
Geography of attacks
As for the geographical distribution of threat sources, the top three (Top 20) in terms of the number of blocked IP addresses has remained unchanged for several consecutive quarters. Russia again topped the rating with 23.6%, although this figure is almost twice lower than in the 4th quarter of 2023 (42.03%). The second and third places are occupied by the United States (12.27%) and China (7.32%).
The list of other leading countries also remained almost unchanged, but their indicators almost doubled compared to the end of last year: Brazil (4.51%), Germany (4.17%), Singapore (3.31%), India (3.26%), Indonesia (2.96%), the Netherlands (2.69%), the United Kingdom (2.37%).
Commercial attacks are gaining popularity due to the expansion of communication channels, the transition to new protocols for remote work, and the availability of DDoS attacks. The number of attacks at the L7 application layer decreased by 22%, which indicates their more targeted nature due to the high cost.
The largest number of L7 attacks occurred in the fintech sector (54%), especially in banks (29.91% of all attacks). An 18.4% increase in bot attacks was recorded, and a significant part of them (34.8%) was directed at the online betting segment due to increased demand for this content. Further active growth in the number of bot attacks is expected in the coming quarters.
There were no significant spikes in incidents in the area of BGP threats, but the number of global route leaks affecting many countries doubled compared to the previous period - from 6 to 12 in the quarter.
Qrator Labs has published a report "Overview of DDoS attacks by vectors in absolute and mixed values" for the first quarter of 2024. Experts have improved the method of collecting data on Internet threats, focusing only on serious DDoS attacks with an intensity of 1 Gbit/s. Low-intensity "white noise" up to 1 Gbit / s was excluded from the statistics.
After adjusting the methodology, the threat picture has changed significantly. Previously, the leading UDP flood lost its primacy, its indicator was 24.64%, which is 35.55% less compared to the previous quarter. The main type of attacks was IP fragmented flood, which occupies 40.76% of all attacks.
In total, the volume of mixed multi-vector attacks was 23.22%, which is almost twice as much as in the previous quarter. Experts attribute this primarily to an increase in available capacity. For experienced hackers and hacktivists, this makes it possible to organize a large number of attacks in the form of "carpet bombing".
Record indicators for the duration and intensity of attacks
The longest TCP attack was recorded in the e-commerce sector and lasted 464 hours, or almost three weeks. The UDP attack on the online betting segment was the most intense, reaching a peak capacity of 881.75 Gbit / s - a new record for the year. High intensity rates were also observed in the segments of online stores (686.6 Gbit / s) and hosting platforms (270.5 Gbit/s).
Industry-specific attack trends
In the first quarter, the leader in the number of attacks (25.26%) was e-commerce. The second place belongs to the Financial Technology segment - 22.63%. And in the third place – educational technologies – 13.16%.
The places in the micro-segment statistics were distributed as follows:
- Online stores most often suffered from the actions of intruders - 20% of all attacks;
- Banks accounted for 13.68% of all attacks;
- Online education ranked third with a share of 11.68%.
Geography of attacks
As for the geographical distribution of threat sources, the top three (Top 20) in terms of the number of blocked IP addresses has remained unchanged for several consecutive quarters. Russia again topped the rating with 23.6%, although this figure is almost twice lower than in the 4th quarter of 2023 (42.03%). The second and third places are occupied by the United States (12.27%) and China (7.32%).
The list of other leading countries also remained almost unchanged, but their indicators almost doubled compared to the end of last year: Brazil (4.51%), Germany (4.17%), Singapore (3.31%), India (3.26%), Indonesia (2.96%), the Netherlands (2.69%), the United Kingdom (2.37%).
Commercial attacks are gaining popularity due to the expansion of communication channels, the transition to new protocols for remote work, and the availability of DDoS attacks. The number of attacks at the L7 application layer decreased by 22%, which indicates their more targeted nature due to the high cost.
The largest number of L7 attacks occurred in the fintech sector (54%), especially in banks (29.91% of all attacks). An 18.4% increase in bot attacks was recorded, and a significant part of them (34.8%) was directed at the online betting segment due to increased demand for this content. Further active growth in the number of bot attacks is expected in the coming quarters.
There were no significant spikes in incidents in the area of BGP threats, but the number of global route leaks affecting many countries doubled compared to the previous period - from 6 to 12 in the quarter.
