Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the fourth quarter of the year and their implications for cybersecurity trends.
Overview of 4Q 2024
The fourth quarter of 2024 marked a significant shift in DDoS attack patterns, with 138 recorded incidents. This represents a substantial increase from 3Q’s 37 attacks, though remaining well below historical peaks like 2Q 2023’s 1,106 attacks. October emerged as the most active month, aligning with historical patterns of increased 4Q activity.
This trend is not limited to Continent 8. In fact, 4Q also saw the largest DDoS attack ever recorded, with Cloudflare mitigating a 5.6 Terabits per second (Tbps) Mirai-variant botnet attack on one of their customers on October 29.
Attack intensity and scale
4Q 2024 demonstrated interesting patterns in attack intensity:
- Highest attack size: 13.4 Gbps
- Average attack size: 0.4 Gbps
- Peak Megapackets per second (MPPS): 0.5992
This quarter’s largest attack of 13.4 Gbps represents a decrease from 3Q 2024’s peak of 37.0 Gbps. For perspective, this is dramatically lower than 4Q 2023’s peak of 412.9 Gbps, indicating a significant shift in attack methodologies.
Attack duration patterns
Key statistics for 4Q 2024:
- Average attack duration: 17.6 minutes
- 75% of attacks lasted between 30 and 45 minutes
- Longest sustained attack: approximately 70 minutes
- Multiple attacks showed consistent duration patterns, suggesting automated tools
Customer report analysis
Key statistics for 4Q 2024:
- Highest number of attacks on a single customer: 96 (increase from 19 in 3Q)
- Total attack duration: 21.1 hours
- Longest single attack: 1.13 hours
- Average attack duration: 17.6 minutes
Quarterly comparison and trends
Comparing 4Q 2024 with recent quarters reveals several interesting trends:
Attack volume evolution
- 1Q 2024: 3.0 Gbps peak
- 2Q 2024: 85.5 Gbps peak
- 3Q 2024: 37.0 Gbps peak
- 4Q 2024: 13.4 Gbps peak
This shows a significant escalation in attack frequency during 4Q.
Attack intensity progression
- 1Q 2024: 3.0 Gbps peak
- 2Q 2024: 85.5 Gbps peak
- 3Q 2024: 37.0 Gbps peak
- 4Q 2024: 13.4 Gbps peak
While attack frequency increased, intensity continued to decrease throughout the year.
Customer report patterns
The decrease in affected customers coupled with the dramatic increase in attacks per customer suggests a shift toward more targeted campaigns.
Year-over-year analysis
Comparing 4Q 2024 to 4Q 2023 shows significant changes in the threat landscape:
- Total attacks decreased by 26% (187 → 138)
- Number of affected customers decreased by 63% (27 → 10)
- Largest attack size decreased by 97% (412.9 Gbps → 13.4 Gbps)
Implications and insights
Attack evolution
The higher volume but lower intensity of attacks suggests a fundamental shift in attacker strategies, focusing on persistent, lower-threshold campaigns rather than high-impact events.
Targeting patterns
The concentration of attacks on fewer customers, with more attacks per target, indicates a move toward more sophisticated, focused operations.
Attack duration
The shorter average attack duration (17.6 minutes) combined with increased frequency suggests a tactical shift toward ‘pulse’ style attacks rather than sustained campaigns.
Looking ahead
While individual attack intensities have decreased significantly year-over-year, the dramatic increase in frequency and focus on specific targets suggests an evolution in threat actors’ strategies. The pattern of increased 4Q activity appears to be holding true, though manifesting differently than in previous years.
Organisations should prepare for:
- Continued high-frequency, lower-intensity attacks
- More targeted attack campaigns
- Potential seasonal variations in attack patterns
- The need for detection of lower-threshold attacks
Continent 8’s DDoS mitigation solution
Our best-in-class DDoS solution continues to evolve, and in recent months we have increased our scrubbing capacity to 5+ Tbps and expanded the number of scrubbing centres deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include a DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.