DDoS Attack Statistics

OWASP

What is a DDoS Attack and How Does It Work?

Let’s imagine that you wanted to have a big party at your house, and almost all of your friends, family, and colleagues were invited to it. There’s one buddy you didn’t invite, though, and he’s distraught about it, so he didn’t say anything to you. Today, in nature, this buddy is fairly vindictive and decides to ruin your party.

This vindictive friend knows that to reach your house, there’s just one entrance. So, he agrees not to encourage others to go through it in order to carry out his scheme. For that, he employs a hundred or so individuals to stand outside the door of the building and orders them not to move even an inch. Not a single guest will come and join your party before both of these individuals move.

Imagine what you’ll have to live through. Oh, that’s what attacks from DDoS are like.

But you first need to understand DoS attacks to truly understand what DDoS attacks mean. A malicious attacker makes a machine, device, or utility inaccessible through a DoS attack, or what’s known as a denial of service attack, so that its users can not reach it. Usually, such service interruption is done by overwhelming the intended system with traffic from a single computer and an internet connection.

Now, on the other hand, to imagine what a DDoS attack is, you will have to take this single-machine attack and dramatically scale it up. Distributed denial-of-service (DDoS) attacks inundate their victims’ networks or computers with traffic from various outlets. A DDoS attack usually entails several devices in a general context (a.k.a. bots or zombie computers) coming together to threaten a single host by overwhelming it with a shocking amount of requests that can not be addressed by the host. Nowadays, to execute these attackers, DDoS attacks usually use botnets, whole networks of infected computers.

The tremendous challenge in finding the cause of each attack is the thing that makes DDoS attacks so puzzling. And when the host is overwhelmed by too many requests, information systems, computers, or other network services can not be reached by legitimate users/customers. In most cases, this obviously results in financial damages and can also cause reputational harm to the companies impacted.

DDoS Attack Statistics: An In-Depth Look at Most Recent and Largest DDoS Attacks

DDoS attacks have been on the increase for quite some time now, due to the obvious financial motivation and the undeniable sophistication it provides. Let’s take a peek at some of the most eye-opening data on DDoS attacks and some of the new and greatest DDoS attacks:

8.4 Million 2019 DDoS attacks

NetScout’s new vulnerability analysis exposes a sad yet undeniable fact of our internet security. The year 2019 saw a record 8.4 million DDoS assaults, according to NetScout threat intelligence. This means 670,000 attacks a month, 23,000 attacks a day, and every minute, 16 attacks!

With 580 million PPS, 2019 saw the biggest attacks ever recorded

Not only did 2019 see the largest number of DDoS attacks, but the longest DDoS attack ever documented was also observed. According to the Global DDoS Vulnerability Environment study by Imperva:

With a network layer DDoS attack that hit 580 million packets per second (PPS) in April, and a separate application layer attack that lasted for 13 days and peaked at 292,000 Requests Per Second (RPS), 2019 saw the largest network and application layer attacks ever reported.

DDoS attacks, from $120,000 to $2 million, cost a lot of money

The financial benefits that these forms of attacks offer are the primary reason why we are seeing such a strong rise in DDoS attacks. Data from the 2019 Annual Cyber Protection Study from Bulletproof shows that if a small business falls victim to a DoS or DDoS threat, it may lose up to $120,000. And for a company with losses that total $2 million, the figure is much greater!

Mind-blowing, aren’t they?

64% rise in DDoS attacks aimed at companies in wireless telecommunications

NetScout’s new vulnerability analysis shows that wireless telecommunications providers reported a 64 percent rise in DDoS attack level year over year. This is suspected to be attributed to gamers who use their phone service as cellular hotspots in Asian countries.

With 35.92% of threats, the online gaming & gambling industry heads the priority list.

The pattern of gaming firms persists in 2019 to be the focus of most DDoS attacks. The online gaming industry led the list of targeted industries with 35.92 percent of the overall DDoS attacks directed at them, according to Imperva’s Global DDoS Threat Environment Report. With 31.25 percent, the online gaming market was a close second .

India has faced DDoS attacks on the highest network layer,

As far as the number of network layer DDoS attacks is concerned, one of the biggest surprises we saw in 2019 was that India was classified as the most attacked region. According to Imperva’s Global DDoS Vulnerability Environment study, 22.57 percent of the network layer DDoS attacks attacked India.

This comes as a surprise, as India emerged on the list of the most targeted countries for the first time. Another disappointment that this study reveals is that East Asia is home to the top four attacked nations, comprising 77.7 percent of all DDoS network layer attacks. In terms of both the number of network layer attacks and the risk of being targeted, this makes it the most dangerous area.

32% spike in DDoS attacks in Q2 2019

There has been no slow down in the pace of DDoS attacks from 2018 to 2019. Compared to the same time in the previous year, Kaspersky’s study reveals an impressive 32 percent growth in Q2 2019. And of all the attacks Kaspersky avoided, 46% of them happened to be DDoS attacks. Amazingly upsetting, is it not?

57% Improvement in attack variants based on Mirai

From 2018 to 2019, according to NetScout’s Threat Intelligence Report, we saw a 57 percent rise in Mirai-based variants affecting 17 system architectures.

DDoS Attacks have a success rate of 50 percent

If you’ve been wondering about the success of DDoS attacks, then here’s a number for you: in 2018, 50 percent of DDoS attacks resulted in a major service interruption. So one out of every two attacks, Kaspersky Labs says, interrupted the services of the targeted site.

Increase of 15% in 100-200 GBPS attacks

DDoS attackers are not only getting more creative, but they’re also getting smarter about it. The surge in attacks from 100-200 GBPS is a testament to this. NetScout’s new vulnerability survey reveals that 100-200 GBPS attacks have risen by 15 percent. This is a clever maneuver by the perpetrators, as attacks larger than GBPS 200 appear to attract unwelcome scrutiny from law enforcement.

DDoS attacks are expected to double by 2022.

In order to see a slowdown in global DDoS attack numbers, we would possibly need to wait quite some time. According to the Cisco Visual Networking Index, the cumulative number of DDoS attacks worldwide is projected to double to 15.4 million by 2023. (VNI).

DDoS Demand for Defense & Prevention to Double by 2024

The extraordinary upsurge in DDoS attacks is projected to coincide with the increase in the DDoS security and mitigation market without a single percentage of surprise. The DDoS security and mitigation market has been forecast by a consulting company to double to $4.7 billion by 2024, showing a compound annual growth rate (CAGR) of 14 percent.

Extending their Horizons by DDoS Attackers

In 2019, NetScout reports that cyber attackers leveraged seven recent or increasingly common vectors for UDP reflection/amplification attack. Fresh combinations of well-known attack vectors were also mixed.

Final Word on DDoS Statistics Attack

DDoS attackers have truly hit their feet, as the 2019 figures show. And we should presumably save our surprise in 2020 with billions of wired IoT devices being introduced to our globe next year. And looking at the latest developments in DDoS attack figures, it doesn’t seem to be a positive kind of shock.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.