2024 was a watershed year for DDoS. Our sensors processed 2.4 million attack events across customers in 80+ countries. The findings are stark: attacks are larger, smarter, and more frequent than anything we saw in 2023.
Key Findings
- Volumetric attacks grew 340% YoY, with peak traffic hitting 3.2Tbps in Q3 2024.
- Application-layer (L7) attacks now represent 61% of all incidents, up from 38% in 2023.
- Average attack duration dropped from 47 minutes to 12 minutes — attackers are optimizing for speed.
- Multi-vector attacks (combining L3, L4, and L7) increased by 180%.
- The gaming sector remained the most targeted industry for the third consecutive year.
The Rise of AI-Assisted Attacks
In 2024 we began observing attacks that adapt their patterns in real time — rotating source IPs, shifting ports, and changing request signatures every few seconds. We assess with high confidence that these attacks are using automated tooling to probe defenses and find gaps. The implication: static rule-based defenses are no longer sufficient.
The average time from attack start to first mitigation action must be under 10 seconds. Anything slower and the damage is done.
Geographic Hotspots
Attack traffic originated predominantly from compromised infrastructure in Eastern Europe, Southeast Asia, and South America. However, origin attribution is increasingly unreliable as attackers route through residential proxies and VPN exit nodes to obscure true source locations.
Predictions for 2025
- Attacks exceeding 5Tbps will become routine by Q2 2025.
- L7 attacks will surpass L3/L4 as the primary attack vector.
- IoT botnets will grow as smart device security remains largely unaddressed.
- DDoS-for-hire services will become cheaper and more accessible.