Network-Layer DDoS Attack Activity in H1 2024: A Growing Threat

The first half of 2024 has seen a significant rise in network-layer Distributed Denial of Service (DDoS) attacks, highlighting the persistent and evolving nature of cyber threats targeting organisations worldwide. According to the latest data from H1 2024, these attacks, which span both Layer 3 (L3) and Layer 4 (L4) of the OSI model, have increased in both frequency and volume, signaling a growing challenge for cybersecurity professionals.

Escalation in Attack Frequency and Volume

The report reveals a 16% increase in blocked network-layer attacks per organization compared to the second half of 2023, and a 12% increase compared to the first half of 2023. More alarmingly, the average network-layer attack volume per organization surged by 127% between 2023 and 2024. This rise far outpaces the 17% growth in average network-layer volume blocked per organization per month between 2022 and 2023, indicating that attackers are scaling up their efforts to overwhelm defenses.

Geographic Distribution of Network-Layer Attacks

The distribution of network-layer DDoS attacks across different regions paints a complex picture. The Americas bore the brunt of these attacks, facing 58% of global network-layer incidents and 37% of the total network-layer volume. Despite a slightly lower percentage of attacks, EMEA (Europe, Middle East, and Africa) had to mitigate 56% of the global network-layer volume, reflecting the intensity of attacks in this region. Meanwhile, the Asia-Pacific (APAC) region accounted for nearly 19% of attacks and 7% of the global volume.

The number of monthly network-layer DDoS attacks in the Americas increased by 47% in 2024 compared to 2023, with the average monthly DDoS volume per organization jumping by 128%. This significant rise suggests that threat actors are increasingly targeting the Americas with more substantial and sustained attack campaigns.

Conversely, EMEA saw a 30% decrease in the number of monthly network-layer attacks, but the average monthly DDoS volume per organization still rose by 122%. This suggests that while fewer attacks were recorded, those that did occur were more intense and harder to mitigate. In APAC, there was an 81% increase in the number of monthly network-layer attacks, with an 86% rise in the average monthly DDoS volume per organization, indicating a growing focus on this region by attackers.

Sector-Specific Trends

The report identifies the financial sector as the most targeted by network-layer DDoS attacks, accounting for 44% of the total activity. This is followed by the healthcare sector (17%), technology (10%), government (7.2%), transportation and logistics (5%), and gaming (5%). These sectors are particularly vulnerable due to their critical nature and the potentially devastating impact of downtime or service disruption.

Amplification Attack Techniques and Targeted Applications

DNS (Domain Name System) and NTP (Network Time Protocol) amplification attacks were responsible for 87% of the total network-layer amplification attack volume in H1 2024. These techniques exploit the inherent properties of these protocols to amplify the impact of an attack, making them a preferred choice for threat actors.

The applications most targeted by network-layer DDoS attacks were DNS, HTTPS, and SIP (Session Initiation Protocol). These applications are critical to the operation of the internet and communication services, making them prime targets for disruption.

Conclusion

The first half of 2024 has underscored the growing threat posed by network-layer DDoS attacks. With attackers increasing both the frequency and intensity of their campaigns, organizations across all sectors and regions must remain vigilant. The rise in attack volumes, particularly in the Americas and APAC, highlights the need for robust defenses and proactive measures to mitigate the impact of these increasingly sophisticated threats.

As attackers continue to evolve their tactics, leveraging amplification techniques and targeting critical applications, it is essential for organisations to stay ahead of the curve. Implementing comprehensive DDoS protection, regularly updating security protocols, and conducting continuous monitoring are crucial steps in defending against these persistent threats.

Contact White Arrow Technology if you are interested in learning more about how to protect your organization from the rising tide of network-layer DDoS attacks. Our experts can provide tailored solutions to ensure your infrastructure remains secure and resilient in the face of evolving cyber threats.
