Cloudflare, the security, performance and reliability company helping to build a better Internet, has announced its 2022 Q3 DDoS report. This report includes insights and trends about the DDoS threat landscape – as observed across the global Cloudflare network.
Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1 Tbps. The largest attack was a 2.5 Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack Cloudflare has ever seen from the bitrate perspective. It was a multi-vector attack consisting of UDP and TCP floods. However, Wynncraft – a massively multiplayer online role-playing game Minecraft server where hundreds and thousands of users can play on the same server – didn’t even notice the attack since Cloudflare filtered it out for them.
Geopolitical tensions are reflected in cyberattacks. Cloudflare’s data centres saw attacks targeting Taiwanese companies increase nearly 20x and when looking at the war in Ukraine, the company saw that attacks on Russian websites surged 24x compared to last year.
Highlights of the DDoS Report
General DDoS attack trends
Overall in Q3, Cloudflare has seen:
- An increase in DDoS attacks compared to last year
- Longer-lasting volumetric attacks, a spike in attacks generated by the Mirai botnet and its variants
- Surges in attacks targeting Taiwan and Japan
Application-layer DDoS attacks
- HTTP DDoS attacks increased by 111% YoY but decreased by 10% QoQ
- HTTP DDoS attacks targeting Taiwan increased by 200% QoQ; attacks targeting Japan increased by 105% QoQ
- Reports of Ransom DDoS attacks increased by 67% YoY and 15% QoQ
Network-layer DDoS attacks
- L3/4 DDoS attacks increased by 97% YoY and 24% QoQ
- In Q3, Cloudflare saw a 4x increase in network-layer DDoS attacks attributed to the Mirai botnet. This underscores why securing IoT devices is critical
- The gaming/gambling industry was the most targeted by L3/4 DDoS attacks, including a massive 2.5 Tbps DDoS attack
Ransom DDoS attacks
Ransom DDoS attacks are attacks where the attacker demands a ransom payment, usually in the form of Bitcoin, to stop/avoid the attack.
- Q3 saw ransom DDoS attacks increase for the third quarter in a row. September 2022 saw almost one out of every four respondents report receiving a ransom DDoS attack or threat.
- In Q3, 15% of respondents reported being targeted by HTTP DDoS attacks accompanied by a threat or a ransom note. This represents a 15% increase QoQ and 67% increase YoY of reported ransom DDoS attacks.
