Each quarter, Cloudflare releases its quarterly reports on DDoS attacks and Internet Disruptions, shedding light on the frequency of attacks and current trends observed in the previous quarter and the one ahead.

This quarter, Cloudflare returns with a new installment of its reports on DDoS attacks and Internet Disruptions. Below, you’ll discover key insights from both reports.

Q3 DDoS 2024 Report Highlights (Click Here to Read the detailed report)

• In Q3, Cloudflare observed a 4,000% increase in SSDP amplification attacks compared to the previous quarter. An SSDP (Simple Service Discovery Protocol) attack is a type of reflection and amplification DDoS attack that exploits the UPnP (Universal Plug and Play) protocol.
• When launching HTTP DDoS attacks, threat actors aim to blend in to avoid detection.
• During Q3, 80% of HTTP DDoS attack traffic impersonated the Google Chrome browser, making it the most common user agent observed in attacks. Specifically, Chrome versions 118, 119, 120, and 121 were most frequently used. In second place, 9% of HTTP DDoS attack traffic had no user agent specified.
• A majority of 89% of HTTP DDoS attack traffic used the GET method, aligning with its status as the most commonly used HTTP method.
• Although 80% of DDoS attack requests were made over HTTP/2 and 19% over HTTP/1.1, their share was smaller when normalized by the total traffic volume for each version.
• China was the most targeted location for DDoS attacks in Q3 of 2024, followed by the United Arab Emirates in second place, and Hong Kong in third. Singapore, Germany, and Brazil closely followed.
• In the third quarter of 2024, the Banking & Financial Services sector was the most targeted by DDoS attacks. Information Technology & Services ranked second, followed by Telecommunications, Service Providers, and Carriers. Other targeted sectors included Cryptocurrency, Internet, Gambling & Casinos, and Gaming, with Consumer Electronics, Construction & Civil Engineering, and Retail rounding out the top ten.
• While extortionists remained the most common threat actors, overall reports of Ransom DDoS attacks decreased by 42% quarter-over-quarter but rose 17% year-over-year. A total of 7% of respondents reported being subjected to a Ransom DDoS attack or threatened. In August, this figure increased to 10%, or one in ten respondents.
• Indonesia emerged as the largest source of DDoS attacks in Q3 of 2024, followed by the Netherlands, Germany, Argentina, and Colombia.
• This quarter, Cloudflare observed a significant rise in hyper-volumetric DDoS attacks, with peaks reaching 3.8 Tbps and 2.2 Bpps. This reflects a similar trend from the same period last year when application layer attacks in the HTTP/2 Rapid Reset campaign exceeded 200 million requests per second (Mrps). These massive attacks have the potential to overwhelm Internet properties, especially those dependent on capacity-limited cloud services or on-premise solutions.
• The increasing deployment of powerful botnets, driven by geopolitical tensions and global events, has broadened the range of organizations at risk—many of which were not traditionally considered prime targets for DDoS attacks. Unfortunately, many organizations continue to deploy DDoS protections only after an attack has already caused considerable damage.