Cloudflare revealed that its autonomous defence systems blocked 21.3 million distributed denial-of-service (DDoS) attacks in 2024, marking a 53% increase compared to the previous year. The findings, detailed in Cloudflare’s 20th DDoS Threat Report, highlight an average mitigation rate of 4,870 attacks per hour and a notable surge in hyper-volumetric attacks.
The report documented the largest DDoS attack in history, which occurred during Halloween week in late October 2024. The 5.6 terabit-per-second (Tbps) attack, originating from over 13,000 compromised IoT devices, targeted an internet service provider in Eastern Asia. Cloudflare stated that its systems autonomously detected and mitigated the attack within seconds, preventing disruption. The attack, launched on 29 October, was attributed to a Mirai-variant botnet. Just days earlier, Cloudflare had reported mitigating what was then the largest documented DDoS attack, peaking at 3.8 Tbps. That earlier attack was part of a broader campaign targeting multiple sectors, including internet services, financial services, and telecommunications.
“The growing use of powerful botnets, driven by geopolitical factors, has broadened the range of vulnerable targets,” wrote Cloudflare’s Omer Yoachimik and Jorge Pacheco in a blog post. “A rise in Ransom DDoS attacks is also a growing concern. Too many organisations only implement DDoS protection after suffering an attack. Our observations show that organizations with proactive security strategies are more resilient.”
DDoS attacks surge in Q4 2024 with 1,885% growth in hyper-volumetric activity
In the fourth quarter of 2024 alone, Cloudflare blocked 6.9 million DDoS attacks, reflecting a 16% quarter-over-quarter (QoQ) and 83% year-over-year (YoY) increase. Of these, 420 attacks exceeded 1 billion packets per second (pps), with attacks surpassing 1 Tbps growing by 1,885% QoQ.
HTTP DDoS attacks comprised 51% of the total incidents in Q4, while 49% targeted Layer 3/Layer 4. Among HTTP DDoS attacks, 73% were executed using botnets, and 11% used tactics to mimic legitimate browser behaviour.
Emerging attack methods such as Memcached DDoS attacks saw a 314% QoQ rise, while BitTorrent-based attacks increased by 304%. The WordPress admin panel (/wp-admin/) remained a frequent target, with 98% of HTTP requests directed at this path linked to DDoS activity.
Indonesia emerged as the largest source of DDoS attacks for the second consecutive quarter, followed by Hong Kong and Singapore. On the receiving end, China was the most targeted country, with the Philippines and Taiwan ranking second and third.
Industries facing the brunt of these attacks included telecommunications, which overtook banking and financial services as the most targeted sector in Q4. The latter dropped from the top position in Q3 to eighth in Q4.
The report noted a significant increase in ransom-driven DDoS incidents. In Q4 2024, 12% of Cloudflare customers targeted by DDoS attacks reported extortion attempts, representing a 78% QoQ and 25% YoY rise. Activity peaked during the holiday season, coinciding with increased online traffic.
A significant share of HTTP DDoS traffic originated from Germany-based Hetzner, followed by Digital Ocean in the US and OVH in France. The HITV_ST_PLATFORM user agent was linked to 99.9% of DDoS requests, indicating the exploitation of smart TVs and set-top boxes.
The majority of DDoS attacks remained brief, with 91% of network layer attacks and 72% of HTTP DDoS attacks ending within 10 minutes, said Cloudflare.
In November 2024, the connectivity cloud company reported a major issue affecting its logging-as-a-service platform, Cloudflare Logs, resulting in the permanent loss of customer data. The company disclosed that approximately 55% of log data generated during a 3.5-hour period on 14 November was irretrievably lost due to a series of technical misconfigurations and cascading system failures triggered by a software update. Cloudflare stated that its engineering teams conducted a thorough investigation to identify the root causes of the incident and implement measures to prevent similar occurrences in the future.