Cloudflare DDoS Report Finds Increase in Attack Volume and Duration

Cloudflare released its Distributed Denial of Service (DDoS) Threat Report for the fourth quarter of 2022. The report covers the DDoS attack landscape as detected by the Cloudflare network. HTTP DDoS attacks increased 79% year-over-year with ransom DDoS attacks seeing an increase as well. The report found that longer attacks on increasing especially with network-layer DDoS attacks.

Cloudflare found that attacks exceeding 100 gigabits per second increased by 67% quarter-over-quarter (QoQ). Attacks that lasted longer than three hours also increased by 87% QoQ. Omer Yoachimik, Product Manager at Cloudflare, notes that for HTTP DDoS attacks:

While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

QoQ Change in DDoS attack rates in 2022 Q4 as measured by Cloudflare

QoQ Change in DDoS attack rates in 2022 Q4 as measured by Cloudflare (credit: Cloudflare)


In August of 2022, Google claimed that they fended off a DDoS attack that peaked at 46 million requests per second. Emil Kiner, Senior Product Manager at Google, and Satya Konduru, Engineering Lead at Google, put the scale of the attack into perspective:

To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.

Yoachimik shares that Cloudflare defended an attack against a Korean-based hosting provider that reached one terabyte per second. The attack in question was an ACK flood and was about one minute in duration. An ACK flood attempts to overload a server with TCP ACK packets. The server consumes resources processing the ACK packages preventing it from handling legitimate requests.

Cloudflare found that HTTP DDoS attacks made up 35% of all traffic to Aviation and Aerospace Internet sites. For Education Management companies 92% of traffic was part of network-layer DDoS attacks. Yoachimik also shared that 93% of network-layer traffic to Chinese Internet properties was part of network-layer DDoS attacks.

Ransom DDoS attacks also increased with 16% of…