DDoS (Distributed Denial of Service) attacks are a growing concern for businesses of all sizes, and the need for effective DDoS protection is more important than ever.
In this blog post, we will present statistics related to DDoS attacks and DDoS protection, to help you understand the scope of the problem and the importance of implementing effective protection measures.
Key DDoS Protection Statistics 2023 – MY Choice
- Cloudflare saw a 10% decline in application-layer DDoS attacks from Q2 to Q3 2022.
- The frequency of DDoS attacks increased more than 2.5 times between 2014 and 2017.
- In 2022, the YoY DDoS growth is 109%.
- The cost of a DDoS attack averages between $20,000-$40,000 per hour.
- The total number of attacks of this type globally will reach 17 million by 2020.
- The average size of DDoS attacks was at 150Mbps in Q1 2021.
- The largest DDoS attack happened in February 2018 GitHub was slammed with 1.3 TBps.
- In April 2019, Imperva reported that it was attacked with over 560 million packets per minute, which is about 4 times more than the PPS GitHub experienced.
- Given that in Q1 of 2019 attacks exceeding 100Gbps grew by 967% compared to the same period of 2018, 2020 is very likely to set new records.
- There has been a 67% increase in the number of ransom DDoS attacks.
- Online industries have seen a 131% increase in the number of application-layer DDoS attacks.
- In Q3 2021, New Zealand witnessed a wave of large-scale DDoS attacks.
- In Q3 2022, VoIP providers in Britain, Canada, and the US were affected by ransom DDoS attacks.
- In Q3 2022, gaming and gambling industries received the most network-layer attacks.
- The Albanian and Montenegrin governments were targeted by state-sponsored ransom DDoS attacks allegedly from Iran and Russia, respectively.
- DDoS attacks are lasting longer, with an average of 50 hours in 2022.
- In 2022, DDoS activity was higher than in previous years.
- There has been a 300% YoY rise in the number of application-layer DDoS attacks.
- The Webstresser, the world’s largest marketplace for buying DDoS attacks, was shut down by Europol in April 2018.
- The FBI took down a dozen DDoS-for-hire marketplaces in late 2018.
- The number of DDoS-for-hire sites has increased despite shutdowns.
- DDoS attacks can lead to massive financial losses.
- DDoS attacks can impact any part of a website’s operations or resources.
- DDoS attacks can cause significant service interruptions.
- Hackers are adapting their strategies to counter growing mitigation techniques.
- DDoS attacks were once a thing of mischief but are now a way for cybercriminals to make money or cause disruption.
DDoS Stats
| Statistics | Figures |
|---|---|
| Number of DDoS attacks reported by Kaspersky | 57,116 |
| Increase in ransom DDoS attacks reported by Cloudflare | 67% |
| Busiest day of attacks | Friday (15.36%) |
| Lowest percentage of attacks | Thursday (12.99%) |
| Countries affected by DDoS attacks on VOIP providers | US, UK, Canada |
| Average time of DDoS attacks in 2021 (Q2) | 30 minutes |
| Average time of DDoS attacks in 2022 (Q2) | 50 minutes |
| Increase in HTTP DDoS attacks in 2022 (YoY) | 111% |
| Increase in Ransomware attacks in 2022 (YoY) | 67% |
| HTTP DDoS attacks spike in Taiwan (Q2 to Q3, 2022) | 200% |
| DDoS attacks on Japan increased (Q2 to Q3, 2022) | 105% |
| Largest application-level DDoS attack recorded | 46 million requests per second |
| Percentage of traffic sent during the largest attack (by country) | Brazil, India, Russia, and Indonesia (30% of traffic) |
| Throughput of the DDoS attack stopped by Google (2017) | 2.54 Terabytes per second |
| Increase in the number of requests per second in 10 years (2010-2020) | 600,000 to 6 million requests per second |
| Time taken to reach 690 million packets per second (2010-2016) | 6 years |
| Memcached DDoS attack on GitHub (peak) | 1.35 Tbps and 126.9 million packets per second with an amplification factor of 51,000 |
| Increase in attacks that serve over 100 GB/s of data (2019-2020) | 967% |
| Longest DDoS attack discovered by Kaspersky (2019) | 509 hours |
| Average duration of DDoS attacks (Q2, 2022) | 50 hours |
| Percentage of DDoS attacks that reach “full pipe” usage | 0.6% |
- The frequency of a distributed denial of service (DDoS) attacks have increased more than 2.5 times over the last 3 years.
- The average size of DDoS attacks is increasing steadily and approaching 1 Gbps. It’s enough to take most organizations completely offline.
- In 2015 the top motivation behind DDoS attacks was cyber-criminals and hackers demonstrating attack capabilities. Gaming and criminal extortion attempts came in second and third place, respectively.
- In 2016 86% of DDoS attacks used multiple attack types. This type of attack is much more complex and difficult to defend against.
- DDoS attacks now account for more than 5 percent of all monthly gaming-related traffic and more than 30 percent of gaming traffic while they are occurring.
- Hiring a cyber-criminal to commit a DDoS is as easy as performing a quick online search, at a cost of as little as $5.00.
- 2016 saw a 125 percent increase in distributed denial of service (DDoS) attacks year over year, and that number is increasing.
- Anyone business or organization can become a victim at any time. Your industry doesn’t matter.
- The primary goal of a DDoS attack is to slow down or crash a website. However; the real damage may actually occur after the attack with a loss in consumer trust and confidence.
- According to a recent security survey, 32 percent of serious DDoS attacks coincided with a network intrusion.
- A DDoS attack on your business or organization can last anywhere from a few hours to several days. This can render your website and network inoperable during that time.
- The cost of a DDoS attack according to recent security surveys averages between $20,000 – $40,000 per hour.
DDoS Attack Trends
- DDoS attacks have increased by 542% since 2015.
- In 2020, there were more than 10 million DDoS attacks worldwide.
- The average DDoS attack size increased by 50% in 2020.
- 35% of all DDoS attacks in 2020 lasted for more than 6 hours.
- The financial services industry is the most frequently targeted by DDoS attacks, with 43% of all attacks targeting this sector.
- The gaming industry is the second most frequently targeted, with 26% of attacks.
- The average cost of a DDoS attack is $2.5 million per attack.
- The average cost of downtime caused by a DDoS attack is $221,000 per hour.
- 80% of businesses that suffer a DDoS attack experience some form of operational disruption.
- 45% of businesses that suffer a DDoS attack lose customers.
Table 1: DDoS Attack Size
| Quarter | Average DDoS Attack Size (Mbps) |
|---|---|
| Q4 2020 | 315 |
| Q1 2021 | 150 |
| Q3 2021 | 115 |
Source: Radware
Table 2: Largest DDoS Attack Ever Faced
| Company | Attack Size (Tbps) |
|---|---|
| Microsoft (Azure customer) | 2.4 |
Source: The Record
Table 3: Cost of DDoS Attack
| Average cost per hour | Maximum cost per hour |
|---|---|
| $20,000 – $40,000 | $50,000 |
Source: Cox BLUE
Table 4: Cost of DDoS Attacks in the UK
| Year | Cost (in GBP) | Cost (in USD) |
|---|---|---|
| 2019 | £1bn | $1.3 billion |
Source: Techradar
Table 5: Duration of DDoS Attacks
| Quarter | Longest Attack Duration (hours) |
|---|---|
| Q1 2021 | 776 |
Source: Kaspersky Lab
Table 6: Frequency of DDoS Attacks
| Date of attacks | Number of attacks |
|---|---|
| October 16, 2018 | |
| October 18, 2018 | |
| December 4, 2018 |
Source: Kaspersky Lab
Table 7: DDoS Demographics
| Country | Percentage of DDoS attacks originated | Percentage of DDoS attacks received |
|---|---|---|
| China | 70.20% | 72.83% |
| US | 15.30% | 15.75% |
| Hong Kong SAR | 4.47% | 4.27% |
Source: Kaspersky Lab
Table 8: Common Types of DDoS Attacks
| Type of Attack | Percentage of Attacks |
|---|---|
| UDP flooding | 19.7% |
| HTTP misuse | 6.4% |
DDoS Protection Strategies
- 99% of DDoS attacks can be prevented with the right DDoS protection strategy.
- The most effective DDoS protection strategies include cloud-based protection, on-premises protection, and hybrid protection.
- 67% of businesses use a combination of cloud-based and on-premises DDoS protection.
- 76% of businesses that use cloud-based DDoS protection report that it is effective.
- 57% of businesses that use on-premises DDoS protection report that it is effective.
- 53% of businesses that use hybrid DDoS protection report that it is effective.
- Businesses that use a combination of DDoS protection strategies report a 98% success rate in mitigating attacks.
- 43% of businesses have experienced a false positive during DDoS protection.
- 69% of businesses use a combination of signature-based and behavioral-based DDoS protection.
- The most commonly used DDoS mitigation techniques include rate limiting, blacklisting, and packet filtering.
Table 1: Top 2022 DDoS Trends
| No. | Statistics | Source |
|---|---|---|
| 1 | More than 5.4 million DDoS attacks were reported in the first half of 2021. | Mission Critical |
| 2 | On average, a DDoS attack costs a company $20,000-$40,000 hourly. | Cox BLUE |
| 3 | There were 52,500 DDoS attacks globally in 2020. | NSFocus |
| 4 | DDoS attacks in 2020 generated 386,500 TB of traffic in total. | NSFocus |
| 5 | Surprisingly, DDoS in 2020 decreased year-over-year (from 19.67% to 16.16%). | NSFocus |
| 6 | In Q1 2021, the average size of DDoS attacks was 150Mbps. | Radware |
| 7 | GitHub’s 2018 attack was the largest DDoS attack at 1.3 TBps. | vXchnge |
Table 2: Key DDoS Attack Statistics in 2022
| No. | Statistics | Source |
|---|---|---|
| 1 | In Q1 2021, the average size of DDoS attacks was 150Mbps. | Radware |
| 2 | The biggest DDoS attack in history occurred in September 2021. | Wired |
| 3 | On average, a DDoS attack costs a company $20,000-$40,000 hourly. | Cox BLUE |
| 4 | The longest DDoS attack in 2021 lasted 776 hours – more than 32 days. | SecureList |
Table 3: Understanding the Dynamics of DDoS Attacks
| No. | Statistics | Source |
|---|---|---|
| 5 | Continent 8 Technologies blocked a record of 641 DDoS attacks from October to December 2021. | Continent 8 |
| 6 | The majority of DDoS attacks in Q3 2020 (90%) lasted under 240 minutes, which is 4 hours. | Kaspersky Lab |
DDoS Protection Vendors
- Akamai is the leading provider of cloud-based DDoS protection services, with a market share of 23%.
- Cloudflare is the second leading provider of cloud-based DDoS protection services, with a market share of 20%.
- Radware is the leading provider of on-premises DDoS protection services, with a market share of 14%.
- A10 Networks is the second leading provider of on-premises DDoS protection services, with a market share of 12%.
- Arbor Networks is the leading provider of hybrid DDoS protection services, with a market share of 26%.
- Other leading DDoS protection vendors include F5 Networks, Neustar, and Nexusguard.
DDoS Protection Best Practices
- Conduct a DDoS risk assessment to understand your organization’s vulnerability to DDoS attacks.
- Implement a layered DDoS protection strategy that includes both cloud-based and on-premises protection.
- Use a combination of signature-based and behavioral-based DDoS protection.
Types of DDoS Attacks
There are several types of DDoS attacks that businesses need to be aware of. Understanding the different types of attacks can help companies better protect themselves. Here are some common types of DDoS attacks:
- Volumetric Attacks: These attacks overwhelm the network with large amounts of traffic, causing the system to crash.
- TCP Connection Attacks: This type of attack targets the network’s ability to create new connections, making it difficult for legitimate users to access the system.
- Application Layer Attacks: These attacks target specific applications, such as HTTP or DNS, and overload them with traffic.
- Distributed Reflection Denial of Service (DRDoS) Attacks: DRDoS attacks use vulnerable servers to amplify the attack, making it more difficult to stop.
DDoS Protection Best Practices
To protect against DDoS attacks, businesses should implement the following best practices:
- Use a Content Delivery Network (CDN) to distribute traffic and filter out malicious requests.
- Implement network segmentation to isolate critical systems and prevent the spread of an attack.
- Use firewalls and intrusion prevention systems to filter out malicious traffic.
- Monitor network traffic and use anomaly detection tools to identify potential attacks.
- Develop a DDoS response plan that includes incident management and communication procedures.
- Regularly test your DDoS protection measures to ensure they are effective.
DDoS Protection Market Trends
As DDoS attacks become more common, the market for DDoS protection solutions is expected to grow. Here are some market trends to keep in mind:
- According to a report by MarketsandMarkets, the global DDoS protection and mitigation market is expected to reach $4.7 billion by 2024, growing at a CAGR of 14.0%.
- Cloud-based DDoS protection solutions are becoming more popular, as they offer scalability and flexibility.
- Many companies are turning to managed DDoS protection services to ensure they have access to the expertise needed to respond to attacks.
- Machine learning and AI are being incorporated into DDoS protection solutions to improve detection and response times.
Conclusion
DDoS attacks can have a significant impact on a business, causing downtime, lost revenue, and damage to reputation.
By understanding the risks and implementing the best practices outlined in this article, businesses can protect themselves against DDoS attacks and minimize their impact.
As the market for DDoS protection solutions continues to grow, companies have more options than ever before to keep their systems secure.
