DDoS: THE NEXT GENERATION

DDoS Threat Intelligence Report

Issue 14: Findings from 2H 2024

  • 8,911,312 DDoS attacks: +12.75% change over 1H 2024
  • Highest throughput attack: 650.84Mpps
  • Highest bandwidth attack: 995.40Gbps
  • Download the full report for exclusive insights
Download Report

Download the Report

Explore DDoS attack stats, trends, and impacts.

Key Findings

1

Global DDoS Trends Mirror Geopolitical Unrest​

DDoS attacks have become a defacto political weapon, with 2024 seeing spikes greater than 2,844 percent above the norm during elections and periods of unrest in countries like Israel, Georgia, Kenya, and Mexico. 
2

Next-Gen DDoS-for-Hire

The increasing sophistication of DDoS-for-hire services, driven by AI and automation, has significantly enhanced their capabilities, enabling complex attacks with minimal oversight. These enhancements make carpet-bombing, geo-spoofing, and ISP masking easily accessible to even the most novice operator.​
3

Carpet-Bombing

In the second half of 2024 (2H 2024), a consistent volume of carpet-bombing attacks was detected, each attack targeting approximately 100 IP addresses within narrower network ranges compared to advertised autonomous system (AS) block sizes. These attacks, while exhibiting low per-host impact, generated network traffic up to half a terabit per second (Tbps), creating severe network disruptions. Minimal use of proxy nodes (0.5 percent) was observed among source IPs.​
4

Botnets: The Backbone of DDoS-for-Hire Services

High-power devices such as enterprise servers amplify DDoS botnet attack intensity, while resilience in botnet infrastructure ensures rapid recovery from takedowns. The dramatic rise in attack activity is exemplified by Mirai’s 360 percent surge in attack frequency.​
5

Hiding Behind the Proxy

In Q4 2024, NETSCOUT observed a persistent reliance on proxy infrastructure in application-layer DDoS attacks. Proxies, particularly cloud and residential, were a key enabler for HTTPS floods, accounting exceeding 10–20 percent of attack sources. While DNS floods outpaced other application-layer attack trends, both HTTP and DNS attack traffic increasingly exhibited proxy-driven characteristics.​

Executive Summary

Geopolitical conflict continues to drive up the number of DDoS attacks, with up to 2,844 percent spikes in certain areas correlating with political events. AI/ML, automation, and the abuse of enterprise-grade infrastructure are making attacks stronger and more agile, requiring proactive defensive measures to mitigate attacks. DDoS-for-hire services and carpet-bombing attacks have shown consistent growth by becoming more accessible. Attackers are also getting better at hiding by leveraging proxies to avoid detection and pass by traditional defenses. The latest issue of NETSCOUT’s global DDoS Threat Intelligence Report covers this and much more to help inform about current DDoS threats.

Watch for regular updates: Last updated 12/31/2024

Report Highlights

DDoS-Capable
Botnets

Country
Analysis

DDoS Attack
Vectors

Global
Highlights

Industry
Analysis

Regional Highlights

APAC
LATAM
EMEA
NAMER
Download the full report for exclusive insights Download Report

Download the Report

Explore DDoS attack stats, trends, and impacts.