Q3 2024 in Review: DDoS Attacks Report by StormWall
StormWall's global scrubbing centers, strategically positioned in the US, Europe, South-East Asia, and the Middle East, offer a combined filtering capacity of 4,500 Gbps. This robust infrastructure processes vast volumes of data daily, allowing us to monitor and analyze evolving DDoS threats in real-time. In this report, we delve into the main trends and attack sources that defined the third quarter of 2024.
Q3 2024 Main Trends
In Q3 2024, DDoS attacks increased by 118% year over year (YoY). But there’s another story behind the number—attacks are increasing not just in volume, but also in sophistication. Recent advancements in AI coding tools now allow bad actors to write better code faster.
As a result, sophisticated techniques not long ago reserved for state-sponsored adversaries are now in the hands of a wide range of DDoS actors.
Let's quickly recap the key trends of the quarter and see what the impact has been:
- Decline in Government Attacks: Attacks on government infrastructure decreased by around 64% compared to Q3 2023. For-profit attacks made up about 60% of all incidents this quarter, compared to 40% for hacktivist-driven attacks, marking a shift toward financially motivated threats.
- Hackers concentrated their efforts on financial services, entertainment, and IT. These primary targets absorbed over 60% of malicious traffic, while government infrastructure ranked as the fourth most targeted sector, receiving 11% of the attacks.
- Multi-vector attacks surged by 142% year-over-year. Over 82% of attacks intercepted by StormWall were ultrasophisticated, targeting multiple system components simultaneously.
- Carpet bombing attacks are up 237% YoY. These attacks distribute large amounts of traffic across multiple endpoints to avoid triggering protection systems.
- DNS attacks increased 62% year-over-year. Attackers are increasingly exploiting the decentralized nature of DNS to amplify traffic and mask malicious sources.
A New Paradigm in DDoS Attacks and Defenses
Let's take a closer look at what these trends mean on a practical level: how DDoS attacks unfolded in Q3 and the implications for future defense strategies.
In over 80% of incidents mitigated by StormWall, attackers employed at least three methods simultaneously. A common pattern combined volumetric floods, protocol-based attacks, and application-layer attacks, underscoring the need for layered, adaptive defense strategies.
When attackers hit multiple components of the target’s infrastructure at once, defenders must respond on several fronts, and the attack becomes harder to mitigate. Single-layer protection strategies are ineffective against this pattern; defenses now need to filter across multiple vectors in real time.
Hackers also leveraged carpet bombing attacks to bypass weak defenses, increasing their use by 237%. Here’s how it works: frontline DDoS defenses typically rely on per-IP traffic thresholds to trigger mitigation. For instance, if traffic to an IP address spikes above a set threshold—say, 500 Mbps—the defense mechanism activates.
With carpet bombing, attackers distribute traffic across multiple IPs, keeping each just under the threshold. As a result, defenses aren’t triggered, but the overall traffic remains overwhelming. To counter this, organizations need centralized defenses that monitor all endpoints—a sophisticated defense strategy many still lack.
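The gap between per-IP triggers and centralized monitoring can be shown with a small detection sketch. This is an added example, not StormWall's code: the 500 Mbps per-IP figure comes from the text above, while the /24 aggregation, the aggregate threshold, the host counts, and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PER_IP_MBPS = 500        # per-IP trigger used as the example in the text
PREFIX_LEN = 24          # assumed aggregation granularity (IPv4)
PREFIX_MBPS = 5_000      # assumed aggregate trigger for one /24
MIN_ACTIVE_HOSTS = 20    # assumed: destinations needed to call load "spread"
ACTIVE_MBPS = 50         # assumed floor for counting a destination as active


def per_ip_alerts(rates):
    """Frontline check: flag each destination above its own threshold."""
    return sorted(ip for ip, mbps in rates.items() if mbps > PER_IP_MBPS)


def prefix_alerts(rates):
    """Centralized check: sum inbound rate per covering prefix and flag
    prefixes whose total is high while spread over many destinations."""
    total = defaultdict(float)
    active = defaultdict(int)
    for ip, mbps in rates.items():
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        total[net] += mbps
        if mbps >= ACTIVE_MBPS:
            active[net] += 1
    return {
        str(net): {"mbps": total[net], "active_hosts": active[net]}
        for net in total
        if total[net] > PREFIX_MBPS and active[net] >= MIN_ACTIVE_HOSTS
    }


def sample_rates():
    """Constructed inbound Mbps per destination for one measurement window."""
    rates = {f"198.51.100.{h}": 450.0 for h in range(1, 201)}  # each < 500
    rates["203.0.113.10"] = 800.0   # single heavy destination
    rates["203.0.113.11"] = 30.0    # ordinary traffic
    rates["192.0.2.5"] = 120.0      # ordinary traffic
    return rates


if __name__ == "__main__":
    rates = sample_rates()
    print("per-IP alerts:", per_ip_alerts(rates))
    print("prefix alerts:", prefix_alerts(rates))
```

On the constructed data, the per-IP check reports only the single 800 Mbps destination, while the prefix check surfaces the /24 that is receiving 90 Gbps in total with no individual address above 500 Mbps.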
Moving forward, DDoS defenses must evolve. Organizations should prioritize adaptive, AI-driven solutions that monitor traffic in real time across the entire infrastructure.
Attack Share Breakdown by Industry
Here are the main trends to highlight this quarter:
- In Q3 2024, the finance industry suffered the most, with its share of attacks soaring from 16% in Q2 to 28%—a 75% increase—making it the top target for attackers.
- The entertainment industry also continued to draw heightened attention, with its DDoS traffic share rising from 14% in Q2 to 17% in Q3 2024. This sector maintained an impressive year-over-year growth rate of 108%, placing it as the second most targeted industry.
- IT organizations faced heavy attacks as well, capturing 15% of malicious traffic and ranking as the third most targeted sector.
- Meanwhile, the government sector saw a significant drop in focus from attackers, falling from 31% in Q2 to 11% in Q3 2024. Despite this reduction, government services still experienced an 86% year-over-year increase in attacks, ranking it fourth overall.
- The biggest percentage shift was in the Education sector, which saw a 100% increase in attack share from 2% in Q2 to 4% in Q3, though its overall share remains relatively small.
Let's break down the biggest trends in more detail.
Finance
Nearly ⅓ of all DDoS traffic recorded by StormWall in Q3 2024 (28% to be exact) targeted the financial industry, and attacks increased by 147% year-over-year. This surge places the financial sector ahead of both the government and entertainment industries as the most targeted sector.
Entertainment
In the entertainment sector, StormWall recorded 17% of total DDoS traffic, with a year-over-year growth of 108%. This industry ranked as the second most attacked and the second fastest-growing in terms of attack volume.
DDoS attacks were common in esports tournaments, with competitors using them to disrupt opponents and gain an edge. But the impact went beyond the events themselves: gaming groups targeted the game’s servers in the months before the tournament, preventing teams from practicing. Financial motives are also at play, as esports tournaments attract millions of fans who watch via livestreams, providing attackers with opportunities for ransom demands.
Finally, the entertainment sector is also a target for hacktivists seeking to disrupt the free flow of information. For example, in August, a DDoS attack delayed the Trump-Musk interview on X (formerly Twitter) by over 40 minutes.
Fortunately, strong DDoS protection can fully shield businesses from such attacks. StormWall successfully mitigated DDoS attacks during the Esports World Cup held in the UAE in July–August.
IT
In Q3 2024, the IT industry suffered 15% of DDoS attacks, representing a 92% increase year-over-year.
Many of the attacks, particularly in Asian and African countries, were a form of unfair competition between companies trying to shut each other down.
Given that DDoS attacks can severely cripple online businesses, they have been extensively used to shut down competing service providers and attract their customers. Additionally, some attacks were launched in retaliation, creating a snowball effect.
The impact of DDoS attacks stretches across various parts of IT infrastructure. Network bandwidth can be overwhelmed, causing severe slowdowns or complete outages for targeted services. Servers flooded with malicious traffic become unresponsive. These outages can lead to significant financial losses, as downtime affects revenue streams and damages customer trust.
Attackers frequently targeted DNS servers, with DNS attacks increasing by 62% year-over-year. Disruption of DNS services means users are unable to access websites or applications.
DDoS Attacks Breakdown by Country
Let’s examine the distribution of DDoS attacks by country in Q3 2024:
In Q3 2024, the United States, India, and China were the top three countries hit by DDoS attacks. The U.S. saw 12.8% of all recorded attacks, followed by India with 11.4% and China at 10.7%. These countries are consistently among the most targeted due to their vast online infrastructures and the critical services they support, making them prime targets for financially motivated hackers, hacktivists, and business rivals.
StormWall recorded some of the highest capacity DDoS attacks in the United States, MENA (Middle East and Africa), and Asia-Pacific (APAC) regions. In Q3 2024, the largest attack exceeded 1 Tbps.
These attacks were likely financially motivated: hackers attempted to extort their targets, promising to stop the attacks once a ransom was paid. StormWall successfully defended its customers' infrastructure, so there was no downtime.
Geopolitical and economic factors also played a role in the rise of attacks in specific regions. Austria, for instance, saw a spike in attacks on government websites during the parliamentary elections as politically motivated groups tried to disrupt the process. France experienced a surge in DDoS activity after Pavel Durov's arrest. In Israel, rising military tensions led to a sharp increase in attacks, while Russia and Ukraine remained targets of hacktivism. Wealthier nations like the UK, UAE, and Germany faced frequent attacks due to their economic significance.
Wrapping up
In conclusion, let’s recap the main trends of the quarter:
- Attacks up 118% year-over-year: DDoS onslaughts have more than doubled, illustrating a stark increase in cyber aggression.
- Multi-vector attacks up 142%: Over 82% of attacks now target multiple system components simultaneously, overwhelming traditional defenses.
- Financial industry becomes the prime target: With a 147% year-over-year increase, the financial sector now endures 28% of all DDoS attacks.
- Entertainment and IT sectors heavily targeted: These industries occupy the second and third spots, with 17% and 15% of attacks, respectively.
In summary, the sharp rise in DDoS attacks this quarter, along with their increasing complexity, indicates that businesses in finance, entertainment, and IT must act swiftly to adopt advanced, adaptive defenses.