Cloudflare's DDoS attack report reveals 466% surge in DDoS attacks against Sweden after joining NATO



Cloudflare has released a report on DDoS attacks in the first quarter of 2024 (January to March). Cloudflare's automated defenses prevented 4.5 million DDoS attacks in the first quarter of 2024 alone, which is equivalent to 32% of the DDoS attacks prevented in 2023.

DDoS threat report for 2024 Q1

https://blog.cloudflare.com/ddos-threat-report-for-2024-q1



By type, HTTP DDoS attacks increased 93% year over year and 51% quarter over quarter, with Cloudflare's systems blocking approximately 10.5 trillion HTTP DDoS attack requests. Additionally, L3/4 DDoS attacks increased 28% year over year and 5% quarter over quarter.



Looking at the combined number of HTTP DDoS attacks and L3/4 DDoS attacks, the overall number was up 50% year over year and 18% quarter over quarter.



DDoS attacks with traffic exceeding 1Tbps occurred almost every week. At the time of writing, the largest attack in 2024 was launched by a variant of the Mirai botnet and targeted an Asian hosting provider, with traffic reaching up to 2Tbps. Cloudflare's systems defended against this attack.



DNS-based DDoS attacks in the first quarter of 2024 increased 80% year-over-year, accounting for approximately 54% of all network-layer attacks. This makes DNS-based attacks the most prominent attack method. Attackers send a large number of DNS requests whose source IP address is spoofed to be the target's IP address, so the responses are directed to the target. As a result, a large number of DNS responses are sent to the target, overloading the target's servers and networks.
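Seen from the target's network edge, the pattern described above shows up as DNS responses that answer no query the target ever sent. The following is an added example, not code from Cloudflare's report: a small detector that pairs responses with outstanding queries and reports hosts receiving unsolicited responses from several resolvers. The record fields, thresholds and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One DNS packet seen at the network edge (field layout is an assumption for this sketch).
Pkt = namedtuple("Pkt", "ts src sport dst dport is_response txid size")

def unsolicited_responses(packets, ttl=5.0):
    """Yield DNS responses that match no query sent by the receiver within ttl seconds."""
    pending = {}  # (client, client_port, resolver, txid) -> time the query was sent
    for p in sorted(packets, key=lambda p: p.ts):
        if not p.is_response and p.dport == 53:
            pending[(p.src, p.sport, p.dst, p.txid)] = p.ts
        elif p.is_response and p.sport == 53:
            sent = pending.pop((p.dst, p.dport, p.src, p.txid), None)
            if sent is None or p.ts - sent > ttl:
                yield p

def reflection_victims(packets, min_count=3, min_sources=2):
    """Return {victim_ip: stats} for hosts hit by unsolicited responses from several resolvers."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "sources": set()})
    for p in unsolicited_responses(packets):
        s = stats[p.dst]
        s["count"] += 1
        s["bytes"] += p.size
        s["sources"].add(p.src)
    return {ip: s for ip, s in stats.items()
            if s["count"] >= min_count and len(s["sources"]) >= min_sources}

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [
    # Legitimate lookup: 192.0.2.10 asks a resolver and gets its answer back.
    Pkt(0.00, "192.0.2.10", 40001, "198.51.100.53", 53, False, 0x1A2B, 60),
    Pkt(0.02, "198.51.100.53", 53, "192.0.2.10", 40001, True, 0x1A2B, 120),
    # Responses arriving at 192.0.2.80, which never sent the matching queries.
    Pkt(1.00, "203.0.113.5", 53, "192.0.2.80", 53124, True, 0x0001, 3000),
    Pkt(1.01, "203.0.113.6", 53, "192.0.2.80", 53124, True, 0x0002, 3100),
    Pkt(1.02, "203.0.113.7", 53, "192.0.2.80", 53124, True, 0x0003, 2900),
    Pkt(1.03, "203.0.113.5", 53, "192.0.2.80", 53124, True, 0x0004, 3000),
]

if __name__ == "__main__":
    for ip, s in reflection_victims(SAMPLE).items():
        print(f"{ip}: {s['count']} unsolicited responses, {s['bytes']} bytes, "
              f"{len(s['sources'])} resolvers")
```

Query/response pairing only works where both directions of a host's DNS traffic cross the monitoring point; with asymmetric routing, legitimate answers would also appear unsolicited.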



While Cloudflare has strengthened its defenses against DNS-based attacks, attackers continue to develop new techniques and we expect DNS-based DDoS attacks to remain a primary threat.

According to Cloudflare, the largest source of HTTP DDoS attacks in Q1 2024 was the United States, with one-fifth of all DDoS attack requests originating from American IP addresses. China came in second, Germany in third, followed by Indonesia, Brazil, Russia, Iran, Singapore, India, and Argentina.



Meanwhile, the United States was the largest source of L3/4 DDoS attacks, with over 40% of attack traffic processed by Cloudflare data centers in the United States. Germany came in second with 6%, followed by Brazil, Singapore, Russia, South Korea, Hong Kong, the United Kingdom, the Netherlands, and Japan. However, these countries do not directly launch attacks. In many cases, they are believed to be home to a large number of botnet nodes and VPN/proxy endpoints that attackers are abusing.



Cloudflare normalized the data by dividing the attack traffic by the total traffic to a particular country or region, showing the relative share of attack traffic to regular internet traffic in each country or region. As a result, it was found that Gibraltar was the largest source of attacks, with almost one-third of HTTP traffic originating from Gibraltar being the result of DDoS attacks.



Zimbabwe was the largest source of L3/L4 DDoS attacks, with approximately 89% of traffic processed by Cloudflare data centers in Zimbabwe being L3/4 DDoS attacks.



In terms of the countries targeted, the United States was the most attacked in the first quarter of 2024 for HTTP DDoS attacks. About one in every 10 DDoS attack requests mitigated by Cloudflare targeted the United States. For L3/L4 DDoS attacks, 39% of the attacks blocked were targeted at China.

Cloudflare also noted that DDoS attacks against Sweden surged 466% after the country joined NATO, which is similar to the attack pattern observed when Finland joined NATO in 2023.

Traditionally, Sweden and Finland maintained a policy of neutrality, but in response to recent geopolitical changes, they decided to join NATO. Their NATO membership has drawn opposition from some countries and organizations, and Cloudflare's analysis is that the sudden increase in DDoS attacks is one manifestation of this opposition.



With DDoS attacks on the rise in 2024 and targeting certain countries and industries, Cloudflare said it uses cutting-edge technology and a robust network to protect its customers from attacks of all sizes. It highlighted the robustness of its cyber defenses.

in Security, Posted by log1i_yk