Cloudflare’s DDoS Threat Report reveals a 20% year-on-year decline in distributed denial-of-service (DDoS) attacks in 2023 compared to 2022.
While this overall reduction signals progress in mitigating such threats, the year also recorded some of the most significant DDoS campaigns to date, showcasing the evolving tactics of cybercriminals.
DDoS attacks are a type of cyber assault that disrupts websites and other online properties by overwhelming them with excessive traffic, rendering them inaccessible to legitimate users.
Cloudflare, a global leader in cybersecurity, highlights the scale of its operations with a network spanning 310 cities in 120 countries, processing over 70 million web requests per second and thwarting 170 billion cyber threats daily.
Contrasting Trends in DDoS Activity
Despite the overall drop in DDoS incidents, 2023 witnessed a sharp increase in specific attack vectors:
- Application-layer attacks: The year saw some of the largest campaigns ever recorded, with attacks exceeding 100 million requests per second, including the high-profile HTTP/2 Rapid Reset campaign.
- Network-layer attacks: These surged by 85% compared to 2022, reflecting a rise in more traditional volumetric DDoS methods.
Environmental services organisations bore the brunt of HTTP DDoS attack traffic during high-profile events like the 28th United Nations Climate Change Conference (COP 28), underlining the link between global events and targeted cyber activities.
DDoS as a Tool in Cyber Warfare
The report underscores the growing use of DDoS attacks in geopolitical conflicts, with notable surges during the Taiwan general election and the Israel-Hamas war.
- Taiwan: During the general election, HTTP DDoS attacks targeting Taiwanese websites spiked by an astonishing 3,370% year-on-year, with 82% of these attacks originating from China. Unexpectedly, adult entertainment websites faced more attacks than traditional industries like finance and healthcare.
- Israel and Palestinian territories: Amid the ongoing conflict, the Palestinian territories became the second-most attacked region globally, with DDoS attacks comprising over 68% of their network traffic and targeting primarily banking websites. Israeli websites saw a 27% quarter-on-quarter increase in HTTP DDoS traffic, with media and software industries accounting for 65% of attacks.
Growing Trend of Global Political Events Triggering Cyber Attacks
Global political events are increasingly serving as catalysts for cyberattacks, with data showing a clear connection between significant events and surges in malicious activities.
For example, during the 28th United Nations Climate Change Conference (COP 28), which concluded on December 13, 2023, HTTP DDoS attacks targeting environmental services organizations skyrocketed by over 61,000% between October and December compared to the same period in 2022.
This alarming spike wasn’t an isolated incident. Historical data reveals a recurring pattern during similar events, such as COP 26, COP 27, and other UN climate-related resolutions or announcements.
Each instance coincided with heightened cyberattacks on environmental services websites, underscoring a troubling trend where global events become focal points for cyber disruption.
Emerging Attack Vectors at the Network Layer
The evolving nature of network-layer DDoS attacks is exemplified by a notable incident between October and December 2023. The attack, launched by a Mirai botnet, targeted a major European cloud provider.
Although it lasted less than ten minutes, it leveraged over 18,000 unique (and likely spoofed) IP addresses, demonstrating the scale and sophistication of modern DDoS campaigns.
Cloudflare’s automated defenses promptly detected and mitigated the attack, highlighting the importance of advanced protection measures in countering these increasingly complex threats.

This particular Mirai botnet attack stood out due to its exceptional scale and complexity. Peaking at 1.9 terabits per second, it combined multiple attack vectors, including UDP fragments flood, UDP/Echo flood, SYN flood, ACK flood, and TCP malformed flags.
Such high bits-per-second (bps) rates are rare, and the multi-vector approach highlights a sophisticated strategy designed to bypass traditional defenses.
While the packet rate of 160 million packets per second (pps) was significant, it fell short of the record 754 million pps observed in a 2020 attack. Nevertheless, the combination of a high bps rate, multi-vector techniques, and short attack duration underscores the necessity for modern, agile defenses.
Rising Threats and the Need for Automation
This attack is a reminder that organizations can no longer rely on manual scrubbing centers to defend against DDoS attacks. In-line automated defense systems are essential for detecting and mitigating such threats in real time.
Cloudflare’s data reveals a sharp rise in other emerging attack methods:
- ACK-RST Floods: Increased by 1,161% quarter-over-quarter.
- CLDAP Floods: Up by 515%.
- SPSS Floods: Grew by 243%.
These attack methods aim to overwhelm networks by exploiting different vulnerabilities and protocols, causing significant disruption. Understanding how these floods work has become critical for organisations looking to strengthen their defences against evolving DDoS threats.

Top Attacked Regions
Iraq, the Palestinian territories, and Morocco emerged as the most targeted regions globally in terms of their total inbound traffic. Surprisingly, Singapore ranked fourth, despite not being traditionally associated with high levels of DDoS activity.
Singapore not only experienced the largest share of global HTTP DDoS attack traffic at 4%, but this malicious activity also constituted a significant portion of all inbound HTTP traffic to the country.
In contrast, the United States, which accounted for 3.8% of global DDoS traffic, ranked much lower—fiftieth—when normalised against its total HTTP traffic.
The findings highlight the disproportionate impact of DDoS attacks on smaller or more concentrated regions like Singapore, where such malicious traffic can significantly disrupt digital infrastructure.
Conversely, in larger regions like the U.S., the sheer volume of overall traffic helps dilute the relative impact of DDoS attacks.
[Figure: Top targeted countries by network-layer DDoS attacks with respect to each country's traffic]

When analysing network-layer DDoS trends by region, the disparities are even more pronounced compared to application-layer attacks.
China stood out as the most targeted country for network-layer DDoS attacks in 2023, continuing a consistent pattern from previous years.
Notably, China was not only the country most attacked by network-layer DDoS traffic; it also had the highest proportion of its inbound traffic made up of such attacks. Nearly 86% of all traffic directed to China was mitigated by Cloudflare as part of network-layer DDoS defenses.
In addition to China, three other regions (the Palestinian territories, Brazil, and Norway) saw DDoS attacks account for more than half of their total inbound traffic.
Report Summary
The 2023 DDoS threat landscape reflects both a decline in overall attack frequency and an increase in the sophistication of cyber threats.
While the global drop in DDoS activity may suggest some progress, the rise of multi-layered and high-bitrate attacks signals that organisations must remain vigilant and adaptive to evolving attack strategies.
Additionally, regional disparities in attack volumes, particularly in countries like China and Singapore, highlight the need for region-specific cybersecurity measures.
The growing trend of political events triggering cyberattacks underscores the intersection of geopolitics and cyber warfare, with DDoS attacks being increasingly leveraged as instruments of digital disruption.
