60,500 zombie devices: your gadget may be among them

New DDoS attack trends in the second quarter of 2024.

According to Qrator Labs, in the second quarter of 2024, DDoS attacks did not bring significant innovations in methods or traffic volumes, which created the impression of a relatively calm period. However, even against the backdrop of this lull, several significant incidents were recorded, especially in the areas of betting and financial technology.

Dominance of TCP flood attacks and the growth of multi-vector attacks
TCP flood attacks continue to occupy a leading position in the DDoS threat landscape, which confirms the trend of the last three years. In the second quarter of 2024, such attacks accounted for 48.91% of all attacks recorded at the L3-L4 levels. Multi-vector attacks, which combine different attack methods, also remain a significant threat, representing 17.76% of all attacks in this period. Despite a slight decrease compared to the first quarter, this figure is still significantly higher than the data for 2023. Such attacks are more difficult to neutralize, especially for infrastructures that are inadequately or only partially protected, which allows attackers to achieve their goals more often.

Reduced attack duration
The second quarter of 2024 saw a significant reduction in the average duration of attacks. After high figures in the first quarter, the average duration of attacks dropped to 40 minutes. Excluding extreme cases, the 90th-percentile attack duration was only 12.5 minutes. This indicates a reduction in target exposure time, which may be due to a change in attackers' tactics or improved defenses.

Attacks on bookmakers during Euro 2024
One of the highlights of the second quarter was a powerful DDoS attack on bookmakers. The intensity of this attack reached 450.52 Gbps, which was the highest figure for the period. This attack coincided with the European Football Championship, which was most likely the reason for the increase in the number of attacks on the betting sector. The attackers were likely trying to take advantage of the increased interest in betting at this time to cause maximum damage.

Fintech, e-commerce and telecommunications under attack
The fintech, e-commerce, and telecommunications sectors were the most vulnerable to DDoS attacks in the second quarter of 2024. Fintech accounted for 25.35% of all attacks, making it the most attacked sector. E-commerce came in second with a share of 17.01%, while IT and telecommunications came in third with 13.89%. Bookmakers drew particular attention from the attackers and took the most serious blow, which is associated with the aforementioned European Football Championship.

Record botnet in the second quarter
The second quarter of 2024 was also marked by the detection of the largest botnet, consisting of 60,500 devices. This number exceeds the figures of the previous quarter and highlights the growing threat from botnets. The botnet was used in an attack on the banking segment, which confirms the seriousness and deliberate planning of the attackers' actions. The devices that were part of the botnet were found in eight countries, including the United Kingdom, the United States, Romania, Poland, Austria, Brazil, Canada, and France.
