Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks effectively. It serves as a resource for businesses and individuals seeking to stay informed about the latest developments in cybersecurity.
As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks. Here, we present the current state of the DDoS protection market based on Gcore's statistics.
Key Highlights from Q1–Q2
- The maximum attack power rose from 600 to 800 Gbps.
- UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood.
- The most-attacked business sectors are gaming, telecom, and financial.
- The longest attack duration in the year's first half was seven days, 16 hours, and 22 minutes.
- Most attacks lasted less than four hours.
High-Volume Attacks: An Escalating Threat
There has been a significant increase in the power and volume of DDoS attacks over the last two years:
- In 2021, the capacity of DDoS attacks was up to 300 Gbps.
- In 2022, the attack capacity was about 650 Gbps.
- In Q1–Q2 of 2023, we see a capacity of about 800 Gbps.
|Figure 1. Attack intensity 2021–2023, Gbps|
Alt Text: Illustration of attack capacity rising from 300 Gbps in 2021 and 650 Gbps in 2022 to 800 Gbps in 2023
The alarming 50–100% annual increase in DDoS attack volume highlights the growing sophistication of cyber attackers and their utilization of increasingly powerful tools. This means that businesses need to invest in DDoS mitigation strategies and solutions to protect their networks, systems, and customer data. Failure to address these evolving threats can result in costly disruptions, reputational damage, loss of customer trust, and security breaches.
DDoS Attack Techniques
According to Gcore's statistics, in Q1–Q2 of 2023:
- UDP flood became more popular among attackers and is the most common method
- SYN flood is in second place
- In third place is TCP flood
- All other techniques combined accounted for just 5% of attack types
|Figure 2. Attack type spread, Q1–Q2 2023|
Alt Text: Attack types illustrated: 52% - UDP, 24% - SYN flood, 19% - TCP flood, 5% - other traffic
According to Andrey Slastenov, Head of Security at Gcore, there has been an increase in the frequency of complex, multi-vector attacks. Attackers are now employing adaptive strategies, such as combining high-volume UDP attacks with a massive number of TCP packets, and shifting from targeting the application layer with a large amount of traffic to using a high volume of small packets. These changes in tactics indicate a deliberate effort to intensify the DDoS assault by overwhelming the network infrastructure and potentially bypassing mitigation measures. The ultimate goal is to maximize the impact of the attack and disrupt services.
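A defender-side illustration of the shift described above, added here as an example (it is not Gcore's code or data): it sorts per-second flow summaries into the report's three vector types and shows that a multi-vector, small-packet flood can stay under a bandwidth threshold while exceeding a packet-rate threshold. The record layout, the thresholds and every sample number are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed per-vector alert thresholds (illustrative, not Gcore's values).
PPS_LIMIT = 1_000_000        # packets per second
BPS_LIMIT = 10_000_000_000   # bits per second (10 Gbps)
SMALL_PKT_BYTES = 128        # mean packet size treated as "small"

# Constructed one-second flow summaries toward one protected address:
# (second, protocol, tcp_flags, packets, bytes)
SAMPLE = [
    (0, "udp", "", 20_000, 20_000 * 500),         # normal traffic
    (0, "tcp", "A", 50_000, 50_000 * 800),
    (1, "udp", "", 2_000_000, 2_000_000 * 1400),  # volumetric UDP, large packets
    (1, "tcp", "A", 50_000, 50_000 * 800),
    (2, "udp", "", 6_000_000, 6_000_000 * 64),    # small-packet UDP
    (2, "tcp", "S", 4_000_000, 4_000_000 * 60),   # bare SYNs
    (2, "tcp", "A", 3_000_000, 3_000_000 * 60),   # other TCP packets
]

def vector_of(proto, flags):
    if proto == "udp":
        return "udp_flood"
    if proto == "tcp":
        return "syn_flood" if flags == "S" else "tcp_flood"
    return "other"

def analyse(records):
    """Return {second: summary} with active vectors and rate figures."""
    seconds = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for sec, proto, flags, pkts, nbytes in records:
        counters = seconds[sec][vector_of(proto, flags)]
        counters[0] += pkts
        counters[1] += nbytes
    report = {}
    for sec, vectors in sorted(seconds.items()):
        # A vector is active if it trips either the packet or the bit threshold.
        active = sorted(name for name, (p, b) in vectors.items()
                        if p >= PPS_LIMIT or b * 8 >= BPS_LIMIT)
        pkts = sum(p for p, _ in vectors.values())
        nbytes = sum(b for _, b in vectors.values())
        report[sec] = {
            "vectors": active,
            "multi_vector": len(active) > 1,
            "gbps": round(nbytes * 8 / 1e9, 2),
            "mpps": round(pkts / 1e6, 2),
            # Small mean packet size: load is per-packet, not link capacity.
            "small_packet": bool(active) and nbytes / pkts <= SMALL_PKT_BYTES,
        }
    return report
```

In the constructed data, second 2 totals about 6.4 Gbps, below the assumed bandwidth threshold, yet carries 13 million packets per second across three vectors, so a monitor that alerts only on bits per second would not flag it.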
DDoS Attacks by Business Sector
DDoS attacks across different business sectors have revealed specific trends and impacts. According to Gcore's report, gaming, telecom, and financial industries were the most attacked sectors in Q1–Q2 of 2023.
|Figure 3. Most attacked industries based on Gcore's statistics.|
Alt Text: Most attacked industries illustrated: 30.1% - Gaming, 24.7% - Telecom, 16.8% - Financial, 28.4% - Other
The gaming industry was the most targeted sector, accounting for a considerable proportion of the DDoS attacks. Gaming platforms, operating in real-time and catering to millions of active users, experience detrimental consequences from even short periods of downtime. Attackers aim to disrupt services, undermine player experiences, and potentially gain a competitive advantage. The financial implications are substantial, with gaming companies often incurring a cost of $25,000 to $40,000 per hour of downtime.
The telecommunication sector faces a significant volume of DDoS attacks, affecting internet service providers (ISPs) and other telecom services. These attacks can result in widespread internet outages, impacting not only the telecom companies themselves but also businesses and consumers relying on their services. The disruptive nature of such attacks on critical infrastructure can have far-reaching consequences, disrupting communications and various aspects of daily life and business operations for customers.
The financial sector, encompassing banks and financial technology (FinTech) companies, remains constantly threatened by DDoS attacks. The rise in digital banking and online financial services adoption has increased the potential for disruptive attacks that can bring financial operations to a complete halt.
DDoS Protection from Gcore
Gcore can protect you from DDoS attacks with protection against threats at L3, L4, and L7 wielding over 1 Tbps of filtering capacity. Its real-time traffic filtering selectively blocks malicious sessions, allowing normal business processes to continue during attacks. All Gcore DDoS Protection servers are equipped with high-performance 3rd generation Intel® Xeon® Scalable processors, enabling fast processing so we can respond to attacks as quickly as possible. Learn how Gcore repelled a 650 Gbps attack in January 2023.