A new report from Gcore reveals a significant increase in Distributed Denial of Service (DDoS) attacks during the first half of 2024, with incidents up 46% compared to the same period last year.
Gcore’s findings show that attacks reached 445,000 in the second quarter of 2024 alone, a 34% rise compared with the prior six months (Q3–Q4 2023). This surge marks a concerning upward trend in both frequency and variety of assault vectors.
Alongside higher incident counts, peak attack bandwidth increased slightly: the largest DDoS observed in H1 2024 reached 1.7 Tbps, up from 1.6 Tbps in 2023. While the rise in peak power is modest, the combination of greater frequency and persistent targeting raises the overall risk profile for online services.
Industry targeting remains uneven. The gaming and gambling sector continues to be the most affected, accounting for 49% of all attacks. Notably, attacks against the technology sector doubled, reaching 15% of incidents. Financial services, telecommunications, and e-commerce followed, representing 12%, 10%, and 7% of attacks respectively.
The report differentiates between network-layer (L3–L4) and application-layer (L7) attacks and highlights how these layers affect industries differently. Network-layer attacks typically target sectors reliant on real-time data and low-latency connections — such as gaming, technology, and telecoms — while application-layer attacks are more likely to disrupt transaction processing, content delivery, and user-facing services in industries like finance, e-commerce, and media.
Attack duration varies widely. Although the majority of DDoS incidents are short-lived, often under 10 minutes, the longest recorded attack in H1 2024 lasted 16 hours. This range suggests attackers are applying more sophisticated, adaptive tactics, choosing either brief, disruptive bursts or prolonged campaigns depending on their objectives.
Gcore also notes a trend toward more targeted, customized attacks. In gaming, for example, adversaries favor brief, frequent strikes designed to degrade specific game servers and prompt frustrated users to migrate to competing platforms. Such tailored approaches increase the operational impact even when individual attacks are smaller in scale.
Attribution remains challenging. Application-layer attacks can sometimes be traced to particular countries via IP addresses, but network-layer assaults often employ IP spoofing, which obscures true origins. Common methods include UDP floods at the network layer and HTTP floods at the application layer, both exploiting weaknesses in network and protocol implementations.
DDoS attacks are a persistent and growing threat that affects organizations across all sectors. To preserve service availability, protect revenue, and maintain customer trust, businesses must invest in layered DDoS mitigation strategies, continuous monitoring, and incident response planning tailored to their specific risk profile.
A full copy of the Gcore report is available from Gcore’s library (registration required).
See also: Kursk region hit by cyberattack amid Ukrainian counter-incursion
Interested in learning more about cybersecurity and cloud technologies from industry experts? Consider attending Cyber Security & Cloud Expo events held in Amsterdam, California, and London. These gatherings bring together specialists across cybersecurity, cloud, blockchain, IoT, and AI to share best practices and emerging trends.
Explore upcoming enterprise technology events and webinars powered by TechForge for additional learning opportunities.