Gcore Radar is a quarterly report prepared by Gcore that provides insight into the current state of the DDoS protection market and cybersecurity trends. This report gives you an understanding of the evolving threat landscape and highlights the steps needed to effectively protect against attacks. It serves as an insight for businesses and individuals looking to stay informed about the latest developments in cybersecurity.
Entering 2023, the cybersecurity landscape is witnessing a high volume increase in sophisticated attacks. Here, we present the current state of the DDoS protection market based on Gcore statistics.
Key Highlights from Q1–Q2
- Maximum attack power increased from 600 to 800 Gbps.
- UDP flood attacks were the most common and accounted for 52% of total attacks, while SYN floods accounted for 24%. In third place is the TCP flood.
- The most attacked business sectors are games, telecommunications, and finance.
- The longest attack duration in the first half of the year was seven days, 16 hours and 22 minutes.
- Most of the attacks lasted less than four hours.
High Volume Offensive: Increasing Threat
There has been a significant increase in the strength and volume of DDoS attacks over the last two years:
|Figure 1. 2021–2023 attack intensity, Gbps|
Alt Text: Illustration of increased attack from 300 Gbps in 2021 and 650 Gbps in 2021 to 800 Gbps in 2023
An alarming 50–100% increase in annual DDoS attack volume highlights the growing sophistication of cyber attackers and the use of increasingly sophisticated tools. This means that businesses need to invest in DDoS mitigation strategies and solutions to protect their network, systems and customer data. Failure to address these evolving threats can result in costly disruptions, damage to reputation, loss of customer trust and security breaches.
DDoS Attack Techniques
According to Gcore statistics, in Q1–Q2 of 2023:
- UDP flooding is becoming more popular among attackers and is the most common method
- SYN floods are in second place
- In third place is the TCP flood
- All other techniques combined account for only 5% of attack type
|Figure 2. Distribution of attack types, Q1–Q2 2023|
Alt text: Type of attack illustrated: 52% – UDP, 24% – SYN flood, 19% – TCP flood, 5% – other traffic
According to Andrey Slastenov, Head Web Security on Gcore, there has been an increase in the frequency of complex multi-vector attacks by attackers. Attackers are now using adaptive strategies, such as combining high-volume UDP attacks with large numbers of TCP packets, and shifting from targeting the application layer with large amounts of traffic to using small, high-volume packets. This change in tactics represents a deliberate attempt to intensify DDoS attacks by overwhelming network infrastructure and potentially bypassing mitigation measures. The main goal is to maximize the impact of attacks and disrupt services.
DDoS Attacks by Business Sector
DDoS attacks in various business sectors have revealed specific trends and impacts. According to the Gcore report, the gaming, telecommunications and financial industries were the most attacked sectors in Q1–Q2 of 2023.
|Figure 3. The most attacked industries based on Gcore statistics.|
Alt Text: Illustration of attack type: 30.1% – Gaming, 24.7% – Telecommunications, 16.8% – Finance, 28.4% – Other
That gaming industry is the most targeted sector, accounting for most DDoS attacks. Gaming platforms, which operate in real-time and serve millions of active users, suffer disastrous consequences from even brief downtimes. Attackers aim to disrupt service, spoil the player experience, and potentially gain a competitive advantage. The financial implications are huge, with game companies often out-of-pocket expenses $25,000 to $40,000 per hour downtime.
That telecommunications sector faced a significant volume of DDoS attacks, affecting internet service providers (ISPs) and other telecommunication services. These attacks could result in widespread internet outages, impacting not only the telcos themselves but also the businesses and consumers who rely on their services. The disruptive nature of such attacks on critical infrastructure can have far-reaching consequences, disrupting communications and various aspects of daily life and business operations for customers.
That financial sector, which includes banks and financial technology (FinTech) companies, continues to be threatened by DDoS attacks. The increasing adoption of digital banking and online financial services has increased the potential for disruptive attacks that can completely halt financial operations.
DDoS protection from Gcore
Gcore can protect you from DDoS attacks with threat protection on L3, L4, and L7 with a filtering capacity of over 1 Tbps. Real-time traffic filtering selectively blocks malicious sessions, allowing normal business processes to continue during an attack. All Gcore DDoS Protection servers are equipped with high-performance 3rd generation Intel® Xeon® Scalable processors, which enable fast processing so we can respond to attacks as quickly as possible. Learn how Gcore refused 650 Gbps attack in January 2023.