The 20th edition of the Cloudflare DDoS Threat Report highlights significant increases in DDoS attacks in 2024, with a record-breaking 5.6 Tbps attack detected. Cloudflare’s DDoS defense systems blocked over 21 million attacks during the year, showcasing the growing threat landscape and the importance of robust cybersecurity measures.
Affected: Cloudflare, Internet service providers
Key points:
- Cloudflare’s global network capacity increased by 817% since 2020, reaching 321 Tbps.
- In 2024, Cloudflare blocked approximately 21.3 million DDoS attacks, a 53% increase from 2023.
- During Q4 2024, Cloudflare mitigated 6.9 million DDoS attacks, an 83% increase YoY.
- The largest DDoS attack recorded was 5.6 Tbps, occurring on October 29, 2024.
- HTTP DDoS attacks predominantly used known botnets, with 73% of attacks originating from these sources.
- Emerging threats included a 314% increase in Memcached DDoS attacks and a 304% rise in BitTorrent DDoS attacks.
- Ransom DDoS attacks surged by 78% QoQ in Q4 2024, with 12% of targeted customers reporting extortion attempts.
- China was the most attacked country, followed by the Philippines and Taiwan.
- The Telecommunications industry became the most attacked sector in Q4 2024.
MITRE Techniques:
- T1071.001 – Application Layer Protocol: HTTP (used in HTTP DDoS attacks)
- T1498 – Network Denial of Service (used in Layer 3/Layer 4 DDoS attacks)
- T1499 – Endpoint Denial of Service (exploited through compromised devices like smart TVs)
- T1203 – Exploitation for Client Execution (exploited through botnets)
- T1497 – Virtualization/Sandbox Evasion (used by botnets to evade detection)
Indicators of Compromise:
- [domain] hitv_st_platform
- [tool name] Mirai
Full Research: https://blog.cloudflare.com/ddos-threat-report-for-2024-q4/