DDoS attacks are a growing threat. Quarterly DDoS statistics reveal different countries appear on the list with more and more attacks.
What’s even worse is that:
In reality, just a small share of the attacks are reported. Meanwhile, they become more complex, featuring more threat vectors. Their intensity increases, the frequency shifts, the number of attackers grows, and the targeted industries change.
All these dynamics make DDoS attack statistics almost impossible to keep track of.
But don’t worry!
At The High Court, we’ve curated the vital DDoS attack statistics from 2020 and before to keep you up to speed. As a bonus, we’ll also address DDoS law and a few other matters of interest.
Let’s dive right in.
Shocking DDoS Statistics (Editor’s Picks)
- The DDoS Protection and Mitigation Market will be worth $4.7 billion by 2024.
- There will be 15.4 million DDoS attacks by 2023.
- The share of targets in China rose by 6.81 p.p. in Q3 2020.
- There was a 151% increase in the number of attacks in H1 2020 vs. H1 2019.
- 91.06% of attacks in Q3 2020 lasted up to 4 hours.
- Amazon says it mitigated the most massive DDoS attack ever recorded, with a peak traffic volume of 2.3 Tbps.
- Cloudflare mitigated a 754 million PPS DDoS attack automatically.
Global DDoS Statistics 2020
Before we dig deep into the stats, we should clarify the difference between DoS vs DDoS. While DoS is only an attack between one machine and another machine, DDoS uses a group of devices to attack one host.
Usually, when we think of what does DDoS mean in terms of strength, we think of their volumetric form, which is measured in Gbps or Tbps. In terms of size, the attacks are addressed as per the large volume of traffic designed to overpopulate a circuit. Another way of addressing the attacks is in terms of intensity (measured in Mpps). High-intensity attacks are aimed at particular infrastructures.
With that in mind:
1. China is on top of the list of attacks and targets, with 71.20% and 72.83%.
(Source: SecureList)
DDoS attack statistics for 2020 reveal the top three countries by the number of attacks and targets in Q3 remained the same. On the top of the DDoS attack list is China (71.20 and 72.83%), followed by the US (15.30 and 15.75%), and the Hong Kong Special Administrative Region (4.47 and 4.27%). Vietnam and The Netherlands are newcomers to the top ten list (by the number of attacks).
2. In South Africa, the share of attacks fell to 0.4% between July and September 2020.
(Source: SecureList)
Singapore, Australia, and India climbed higher due to the rising number of attacks. This resulted in South Africa moving from fourth to eighth. Fewer DDoS attacks were also registered in Singapore, 0.85% of the total. The number of attacks in Australia and India rose by 0.27 p.p. and 0.24 p.p and accounted for a 0.65% share for Australia and 0.57% for India.
3. In China, the share of targets rose by 6.81 p.p. in Q3 2020.
(Source: SecureList)
There was a significant decline in targets in Asia. Hong Kong lost 2.07 p.p. and Singapore 0.3 p.p. On the other hand, Japan and South Korea did not even show. China is the only exception, with the share of targets increasing by 6.81 p.p.
4. There was a 151% increase in the number of attacks in H1 2020 vs. H1 DDoS attacks in 2019.
(Source: Neustar)
Neustar offers its customers a Protection Services DDoS program that mitigates attacks. The company’s findings show the number of attacks in 2020 increased by more than two and a half times from the 2019 figure. The industry as a whole witnessed a dramatic jump in the number of attacks.
5. The number of DDoS attacks per year will rise to 15.4 million by 2023.
(Source: Cisco)
Cyber attacks are becoming more common globally. There are a growing number of breaches and records exposed per breach. Overall, the global DDoS attack between 100 Gbps and 400 Gbps Y/Y from 2018 to 2019 has grown by a mind-blowing 776%.
What’s more:
The total number of DDoS attacks is expected to double from 7.9 million in 2018 to 15.4 million by 2023.
Types of DDoS Attacks
6. SYN flooding was the most common type in Q3 2020 and accounted for 94.6% of all attacks.
(Source: SecureList)
The distribution of DDoS attack types for Q3 2020 remained fairly constant. SYN flooding was the main tool (94.6%), virtually unchanged from Q2. ICMP attacks accounted for 3.4%, TCP attacks accounted for 1.4%, and HTTP flooding accounted for less than 0.1% of attacks.
7. 91.06% of the attacks in Q3 2020 lasted up to four hours.
(Source: SecureList)
The average length of the latest DoS attacks has shortened. The share of long (100–139 hours) attacks decreased by 0.08 p.p, while the share of ultra-long attacks went up slightly by 0.18 p.p. The longest-lasting attacks registered in Q3 2020 were over ten days (246 and 245 hours). Overall, the overwhelming majority of attacks (91.06%) lasted up to four hours.
8. 95% of attacks in the first half of 2020 featured more than a single threat vector.
(Source: Neustar)
95% of all attacks featured more than a single threat vector. Only 5% featured a single vector. The number of extremely complex attacks (four vectors and more) was equivalent to 17%. The majority of attacks featured two threat vectors (43%) and three threat vectors (35%).
Key takeaway:
[bctt tweet=”There are more DDoS attackers because the higher the number of vectors is, the lower the number of actors who can control such threats.” via=”no”]
9. Neustar recorded an 81% increase in attack intensity in the first half of 2020.
(Source: Neustar)
In the first half of 2020, over 70% of attacks mitigated by Neustar were 5 Gbps or less.
However:
The same year, the previous high-water mark of 500 Mpps was topped with an attack of over 800 Mpps. Neustar’s findings show that 2020’s most intense attack was significantly higher than its 2019 counterpart. Specifically, the increase is equivalent to a whopping 81% in intensity.
Recent DDoS Attacks
10. Amazon says it mitigated the biggest DDoS attack ever recorded with a peak traffic volume of 2.3 Tbps.
(Source: TheVerge, AWS)
This is the largest DDoS attack in history. In its threat report for Q1 2020, Amazon said it identified the attack, mitigated by AWS Shield, in February. The origin or the target of the attack were not disclosed in the report.
11. Cloudflare mitigated a 754 million PPS DDoS attack automatically.
(Source: Cloudflare)
Cloudflare mitigated yet another one of the most famous DDoS attacks, with a peak at 754 million packets per second on June 21, 2020. It was a part of a four-day campaign that started on June 18 and lasted until June 21.
The traffic was coming from 316,000+ IP addresses, and the attack was aimed at a single Cloudflare IP address primarily used for websites. During the attack, neither downtime nor service degradation nor charges accrued to customers were reported. Mitigation of such attacks requires the use of the best DDoS tool available.
Current DDoS Attacks Frequency
12. 323 attacks were registered on July 2, 2020.
(Source: SecureList)
When it comes to the dynamics of the number of recent DoS attacks and DDoS attacks, they notably varied in Q3 2020. During peak activity, the DDoS operator’s record was broken on July 2, when 323 attacks were registered. In contrast, August 31 and September 1/7 were surprisingly calm, with only one registered attack each day.
Late August-early September was overall quite mild. On September 5, there were 181 registered. The average number of attacks per day in Q3 was around 106. That’s ten fewer than in Q2 2020.
13. 19.02% of attacks in Q3 2020 took place on Thursdays.
(Source: SecureList)
In case you’re looking for DDoS symptoms:
The most active days were Thursdays (19.02%), while the quietest days were Fridays (10.11%). The gap between the most active and quiet days widened to 8.91 p.p., up from 4.93 p.p. in Q2. The number of attacks also increased on Saturdays and Mondays.
14. US retailers experienced a 20% growth in attack frequency in the first half of 2020.
(Source: Netscout)
The overall trend of a shorter DDoS attack in the US continued. As per the latest DDoS statistics, the targeted industries in H1 2020 were those vital to pandemic life – nonstore retailers, including ecommerce, saw a 20% growth in frequency. Meanwhile, the attack frequency on educational services grew by 13%.
15. Attacks on hospitals in Latin America grew by 80% in the first half of 2020.
(Source: Netscout)
Hospitals and doctors’ offices were most targeted, and the vital services and healthcare systems were most stressed. DDoS attacks on hospitals grew by a staggering 80%, while doctors’ offices and diagnostic labs (Ambulatory Health Care Services) saw a 30% rise.
What’s worse:
The latest DDoS attacks were difficult to mitigate because they were high-bandwidth and high-throughput.
DDoS Attack Cost Statistics
16. A DDoS attack could cost an enterprise up to $2 million.
(Source: Bulletproof)
The DDoS statistics 2019 Bulletproof report revealed a DoS or DDoS attack could cost a small company up to $120,000 and a large enterprise as much as $2 million.
17. The DDoS Protection and Mitigation Market will be worth $4.7 billion by 2024.
(Source: MarketsAndMarkets)
The DDoS protection and mitigation market size is expected to grow to an incredible $4.7 billion by 2024, up from $2.4 billion in 2019, a 14.0% CAGR. The DDoS mitigation and protection market is expanding due to the growing rate of multi-vector DDoS attacks.
The significant factors influencing the growth of the DDoS protection and mitigation market are the availability of DDoS services for hire, the growth of IoT compatible devices, and the high demand for hybrid and cloud-based DDoS protection and mitigation solutions. All in all, the gaming sector will drive the DDoS protection and mitigation market over the next five years.
18. Cybercrime will impose total damage of $6 trillion globally in 2021.
(Source: CybersecurityVentures)
Check this out:
If cybercrime were a country, it would be equivalent to the third-largest economy worldwide, after the US and China. Cybersecurity Ventures estimates that the costs of global cybercrime will grow by 15% per year over the next five years. It is estimated to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015.
19. Reported cybercrime in the US represents only 10-12% of the total.
(Source: CybersecurityVentures)
Due to embarrassment, the belief that DDoS Federal crime law enforcement can’t help, and fear of reputational harm, the vast majority of attacks are not reported. The unit chief at the FBI’s Internet Crime Complaint Center (IC3) stated that reported cybercrimes represent only 10-12% of the total number of crimes committed in the US each year.
Wrap Up
2020 oversaw a shift in the top ten countries with the most DDoS attacks. However, China remains on the top daily DDoS attacks worldwide list. From the projections for the following years, it is clear that the number of attacks will keep growing.
The current trend in attack type is intentionally shorter and planned not to be detected. At the same time, new records are broken in terms of attack intensity, and the attacks become more complex to mitigate. Like malware and ransomware, DDoS attacks are on the rise.
As a result, DDoS attack statistics show the protection and mitigation market will be experiencing growth.
FAQ
Q: How common are DDoS?
DDoS attacks are becoming ever more common. In the first half of 2020, there were 4.83 million DDoS attacks. During this period, there was also a 15% growth in DDoS attack frequency.
Q: How often do DDoS attacks happen?
The dynamics of the number of attacks vary. There are peak activity days followed by calmer ones. There were an average of 106 DDoS attacks per day in Q3 2020.
Q: Is a DDoS attack illegal?
Speaking of DDoS legality, under the Computer Fraud and Abuse Act, starting a DDoS attack is illegal and will result in a DDoS penalty of $500,000 and ten years in prison.
Q: How many DDoS attacks occur on a regular basis?
DDoS statistics show 16 DDoS attempts take place every minute. However, between April and May 2020, there were a total of 929,000 DDoS attacks. During the first pandemics lockdown, the attack frequency went up by 25%.
Sources: