Cloudflare Q3 DDoS Report 2023: Ransom DDoS attacks might increase in upcoming months (November & December)

  • Q3 DDoS 2023 Report Highlights
  • In the third quarter of 2023, Cloudflare faced one of the most sophisticated and persistent DDoS attack campaigns in recorded history.
    We can expect an increase in ransom DDoS attacks during the months of November and December.
  • Cloudflare mitigated thousands of hyper-volumetric HTTP DDoS attacks, 89 of which exceeded 100 million requests per second (rps) and with the largest peaking at 201 million rps — a figure three times higher than the previous largest attack on record (71M rps).
  • The DDoS campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter. Similarly, L3/4 DDoS attacks also increased by 14%. The campaign included thousands of hyper-volumetric DDoS attacks over HTTP/2 that peaked in the range of millions of requests per second. The average attack rate was 30M rps. Approximately 89 of the attacks peaked above 100M rps and the largest one we saw hit 201M rps.
  • Gaming and Gambling companies were bombarded with the largest volume of HTTP DDoS attack traffic, overtaking the Cryptocurrency industry from last quarter. 19% of all attacks targeted Cloudflare websites and infrastructure. Another 18% targeted Gaming companies, and 10% targeted well known VoIP providers. The Cryptocurrency industry remains the most attacked in APAC for the second consecutive quarter. Gaming and Gambling came in second place. Information Technology and Services companies in third.
  • Last quarter, the volume of HTTP DDoS attacks increased by 15% QoQ. This quarter, it grew even more. Attacks volume increased by 65% QoQ to a total staggering figure of 8.9 trillion HTTP DDoS requests that Cloudflare systems automatically detected and mitigated.
  • In Q3, approximately 36% of all L3/4 DDoS attack traffic that we saw in Q3 originated from the US. Far behind, Germany came in second place with 8% and the UK followed in third place with almost 5%.
  • Almost 35% of all L3/4 DDoS attack traffic (in bytes) targeted the Information Technology and Internet industry.
  • For the second consecutive quarter, DNS-based DDoS attacks were the most common. Almost 47% of all attacks were DNS-based. This represents a 44% increase compared to the previous quarter. SYN floods remain in second place, followed by RST floods, UDP floods, and Mirai attacks.
  • In Q3, mDNS attacks increased by 456%, whereas CoAP DDoS Attacks and ESP DDoS Attacks increased by, 387% and 303%, respectively.
  • Internet Disruption Q3 2023 Report Highlights
  • Because the Internet has become a critical communications tool, Internet shutdowns are often used by governments as a means of controlling communication both within a country and with the outside world. These government-directed shutdowns are imposed for a variety of reasons, including during periods of civil unrest and protests around elections, and as a deterrent against cheating during exams.
  • The report finds that there was a sharp drop in traffic from Sky Broadband in September. During the evening (UTC) of September 19, numerous complaints could be found on social media about a nationwide outage across the United Kingdom on Sky Broadband (AS5607).
  • On September 12, satellite Internet service provider SpaceX Starlink experienced a brief but complete outage.
  • A fire at the Tunisian Company of Electricity and Gas power station in Rades, Ben Arous Governorate caused a widespread power outage in Tunisia, resulting in an Internet disruption starting at 01:00 local time (00:00 UTC) on September 20. Traffic remained lower than expected for approximately five hours
  • An 11 hour Internet disruption was reported in French Guiana on August 27 as a result of a power outage caused by “a problem that occurred at the energy evacuation station which connects Petit-Saut to the Kourou-Saint-Laurent line”.
  • A widespread power outage in Brazil starting at 08:30 local time (11:30 UTC) on August 15 resulted in a nominal disruption to Internet traffic within the country.
  • On August 27, a “significant security concern” led the University of Michigan to shut down the Internet on the Ann Arbor, Flint and Dearborn campuses. Although the shutdown occurred at the start of the new school year, classes continued as scheduled, but an announcement posted by the University detailed the impact of disconnecting from the Internet, including potential delays in financial aid refunds and the unavailability of certain campus systems.


Please enter your comment!
Please enter your name here