39 Jaw-Dropping DDoS Statistics to Keep in Mind for 2023

Distributed denial of service (DDoS) attacks are a major threat to the hosting industry.

Here’s the thing:

In a DDoS attack, multiple machines come together to target a single host. DDoS allows for a shocking number of requests to be sent to the host, thus supercharging the attack.

What’s more, it makes it difficult for the host to identify and protect itself from the true source of the attack.

Meanwhile, legitimate users can’t access information systems, devices, or other network resources.

That’s really bad news for hosts and their clients. That’s also the main security feature many of the best web hosting providers rightfully take are proud of: mitigating a DDoS without any interruption in service is not a simple feat.

DDoS attacks are relatively easy to instigate and extremely difficult to mitigate. Some of the quality CDN providers help a lot in this regard, but, as you will see from the numbers below, DDoS attacks often are too massive to handle.

Scary DDoS Statistics—2022 Trends Are Scary

• The frequency of DDoS attacks increased more than 2.5 times between 2014 and 2017.
• In 2022, the YoY DDoS growth is 109%.
• The cost of a DDoS attack averages between $20,000-$40,000 per hour.
• The total number of attacks of this type globally will reach 17 million by 2020.
• The average size of DDoS attacks was at 150Mbps in Q1 2021.
• The largest DDoS attack happened in February 2018 GitHub was slammed with 1.3 TBps.
• In April 2019, Imperva reported that it was attacked with over 560 million packets per minute, which is about 4 times more than the PPS GitHub experienced.
• Given that in Q1 of 2019 attacks exceeding 100Gbps grew by 967% compared to the same period of 2018, 2020 is very likely to set new records.

In the US, DDoS attacks are a federal crime under the Computer Fraud and Abuse Act – with penalties that include imprisonment.

The 2022 DDoS Attack Statistics

The sheer size of the most recent instances of distributed-denial-of-service attacks is stupefying.

1. The average DDoS attack size has decreased to around 115Mbps in 2021.

(Source: Radware)

Radware reported a steady decrease in DDoS attack size, with Q1 of 2021 seeing a reduction down to 150Mbps from 315 Mbps in Q4 2020, and a further reduction to 115Mbps in Q3.

2. Microsoft deflected the biggest DDoS attack it had ever faced in August 2021. It was 2.4 Tbps.

(Source: The Record)

This is one of the most incredible DDoS attacks stats you’ll likely encounter. The attack targeted an unnamed European customer of Azure. However, it was unsuccessful! How about that!

3. The cost of a DDoS attack averages between $20,000-$40,000 per hour.

(Source: Cox BLUE)

That figure can even go up to $50,000! That’s roughly what the average American earns in a year.

4. The total cost of DDoS attacks in the UK alone could reach £1bn ($1.3 billion) in 2019.

(Source: Techradar)

What’s more, DDoS tats show a whopping 91% of UK businesses have suffered outages after a successful DDoS attack.

The Dynamics of DDoS Attacks

Large botnets take time to coordinate but can keep going for quite some time.

5. The longest attack in Q1 2021 lasted for over an excruciating 776 hours.

(Source: Kaspersky Lab)

That’s over a full month! We did see a trend in longer attacks over the years, but the figures are still through the roof.

6. Over 90% of DDoS attacks in Q3 2020 lasted under 240 minutes.

(Source: Kaspersky Lab)

There is something of an overall decrease in the duration of attacks. However, there were still nearly five times more ultra-long attacks (lasting over 140 hours) than in Q2 2020.

7. The largest number of attacks in Q4 2018 occurred on October 16 and 18 and on December 4.

(Source: Kaspersky Lab)

This stat is for those interested in the frequency of distributed denial of service (DDoS) attacks. In contrast, December 27 witnessed the fewest attacks out of the whole quarter.

DDoS Demographics

The majority of DDoS attacks originate in China and stay there.

8. China was the leading offender in terms of DDoS attacks in Q3 2020 – it was responsible for a whopping 70.20% of all attacks - an about 20% increase in the last two years.

(Source: Kaspersky Lab)

DDoS growth trends show the US was second with 15.30%, while Hong Kong came third with 4.47%.

9. China was also the most targeted country in the world in Q3 2020 with 72.83% of all attacks.

(Source: Kaspersky Lab)

Once again, the US was second with 15.75%, and Hong Kong Special Administrative Region came third with 4.27%.

10. GitHub (February 2018), Dyn (October 2016), BBC (December 2015), Spamhaus (March 2013), Bank of America/JP Morgan Chase/US Bancorp/Citigroup/PNC Bank (December 2012) are some of the biggest companies targeted by DDoS attacks in recent years.

(Source: vXchnge)

Those are some fascinating DDoS facts. At the time, the attack on GitHub was the largest ever recorded (1.3 TBps).

There’s something even crazier here, though:

The attack only took GitHub’s systems down for about 20 minutes.

Impressive DDoS Trends in 2022 & Beyond

Certain trends emerge when reading the statistical data carefully enough.

11. In Q1 2020, there was a whopping 542% increase in  DDoS activity compared to Q4 2019.

(Source: Nexusguard)

The COVID-19 pandemic brought a massive increase in cybercrime, which ended the steady drop in DDoS attacks we were seeing over the past few years. The beginning of 2020 was the worst so far, having recorded a 2.5 times increase to Q1 of the previous year, and an almost 4.5 times increase compared to Q4 2019.

Fortunately, the DDoS attack growth trends show they tapered down as we went further into the year. However, we will only get the full picture of the damage done in 2020 once the Q4 reports are out.

12. UDP flooding was the most common type of attack in Q4 2018 with 19.7% of all attacks.

(Source: Kaspersky Lab)

This figure showed a steady increase compared to Q3, when only 11.9% of all attacks were of this type.

13. HTTP misuse was the second most common attack type in Q4 2018 with 6.4%.

(Source: Kaspersky Lab)

DDoS risk statistics showed an increase from 3.2% in Q3. However, mixed attacks made up the overwhelming majority in both quarters, with 72% in Q4 and 83.2% in Q3.

14. Together, DoS and DDoS attacks are the most common type of cyber attacks.

(Source: Newrix)

According to DoS statistics, they’re followed by MitM (Man-in-the-Middle), phishing and spear phishing attacks, drive-by attacks, and finally – password attacks round up the top 5.

DDoS Attack Tools

It’s hard to say which is the most widely used tool. Let’s take a quick peek at two of the main contenders:

15. In 2019, LOIC (Low Orbit Ion Canon) was one of the most popular free DDoS attack tools.

(Source: INFOSEC)

LOIC, which sends UDP, TCP, or HTTP requests to the victim server, is most commonly used for DoS attacks. However, it also has a HIVEMIND mode that enables DDoS attacks by allowing the attacker to control remote LOIC-enabled systems.

Interesting fact: Hacker group Anonymous has used LOIC to carry out attacks against many big companies’ networks during the recent rise of DDoS attacks.

16. In 2019, HULK (Http Unbearable Load King) was another extremely popular DDoS attack tool.

(Source: Software Testing Help)

This tool, originally created for research purposes, can bypass the cache engine and generate a large amount of obscure and unique traffic.

DDoS Attack Techniques

DDoS attacks grow in complexity and scale, but the rise of IoT ensures that botnets remain the main strategy.

17. Botnets: Most botnet-based attacks in Q1 2021 took place in January.

(Source: Kaspersky Lab)

A botnet is a number of internet-connected devices, which runs one or more bots. Activity tended to rise mid-week and decrease towards the end.

18. Memcached played an important part in the aforementioned GitHub attack from February 2018.

(Source: Kaspersky Lab)

This is one of the key factors that determine the global state of DDoS attack trends. Memcached servers are a logical target for this type of attacks – which is why they end up on the receiving end of quite a few.

DDoS Defense Techniques

These are some of the most popular defense tools:

19. Cloudflare layer 3 (the Network layer) and 4 (the Transport layer) protection can absorb an attack even before it reaches the server. What’s more, layer 7 (the Application layer) protection can differentiate between well-intentioned and malicious traffic.

(Source: CBR)

Fun Fact: If you study DDoS-protection statistics, you’ll find that the Eurovision Song Contest uses Cloudflare.

20. F5 Networks offer DDoS protection across levels 3 to 7 onsite, in the cloud, or through a combination of the two.

(Source: CBR)

What’s more, it offers 24/7 support.

And here are some of the most effective DDoS attack prevention techniques:

21. Developing a denial of service response plan based on a thorough security assessment.

(Source: phoenixNAP)

The necessary steps are:

• Creating a systems checklist
• Forming a response team
• Defining notification and escalation procedures
• Creating a list of contacts to be notified in case of attack

22. Securing your network infrastructure by utilizing firewalls, VPN, anti-spam, content filtering, load balancing, and other layers of DDoS defense techniques.

(Source: phoenixNAP)

Denial of Service stats are clear:

You need to take multiple layers of precaution to protect yourself from these kinds of attacks.

23. Practicing basic network security.

(Source: phoenixNAP)

Using complex passwords and changing them on a regular basis, and utilizing anti-phishing methods are some secure practices.

Symptoms of DDoS Attacks

Some DDoS symptoms are:

• Slow access to local and remote files
• Long-term inability to access a specific website
• Loss of internet connection
• An excessive amount of spam emails

(Source: Norton)

Losses from DDoS Attacks

Like most forms of cybercrime, DDoS attacks are damaging. In case of website hosting, a continuous DDoS can bring clusters of sites down. If timed well – say, around Black Friday – it could be devastating for the bottom line of the affected sites.

24. In 2018, 20% of companies with 50 employees or more reported they have been the victim of at least one DDoS attack.

(Source: Kaspersky Lab)

According to the latest DDoS attack trends, the three industries most likely to suffer such attacks are telecoms, IT, and financial services.

25. In 2018, 50% of DDoS attacks led to a serious disruption of services.

(Source: Kaspersky Lab)

What’s more, 24% of attacks led to services being completely unavailable for some time.

26. 12% of businesses are confident that a DDoS attack was initiated by their competition.

(Source: Kaspersky Lab)

Some companies will do anything to get ahead in the business world – even resort to foul play!

27. In 2018, 7% of businesses reported attacks that lasted for a week.

(Source: Kaspersky Lab)

These longer DDoS attacks resulted in a severe impediment of services. This is one of the stats behind the steady increase in the size of the market for DDoS protection and mitigation services.

28. Large companies lose $417,000 on average as a result of a DoS attack.

(Source: Kaspersky Lab)

For comparison, small and mid-sized businesses lose an average of $53,000.

Vulnerable Software and Content Management Systems

Even though a lot of successful cyber crimes can be attributed to human error, DDoS usually exploits system vulnerabilities.

29. During one of the worst WordPress security breaches in 2014, over 18 million users were affected.

(Source: ASTRA)

With WordPress.com being so popular, you’d expect such a breach to affect millions.

What’s more, 73% of WordPress-based websites have vulnerabilities that can be exploited. That’s one of the reasons why hosting your WP site with a specialized WordPress host makes a lot of sense.

30. In the first half of 2018, DDoS attacks against Drupal websites peaked on April 29.

(Source: NSFOCUS)

Most of the websites targeted were in Europe and the Americas.

Famous Hackers and Their Victims

It’s hard to believe at first, but DDoS statistics reveal some of the most famous attackers are teenage boys:

31. In 2000, a 15-year-old American high-school hacker known as “Mafiaboy” (real name Michael Calce) carried out a successful DDoS attack, which took down several major websites – including CNN, Dell, E-Trade, eBay, and Yahoo.

(Source: Cloudflare)

How did he do it?

He hacked into the networks of several universities and made use of their servers. Back then, Yahoo was still the largest search engine in the world.

32. In 2013, a British teenage hacker-for-hire carried out the largest ever DDoS attack at the time against The Spamhaus Project – an organization that helps combat spam emails and spam-related activity across the world.

(Source: Cloudflare)

This is one of the more ironic DDoS attack statistics, isn’t it? The attacker drove traffic to Spamhaus at a rate of 300 GBps.

33. On July 4, 2009 (Independence Day in the US), 27 websites of the White House, Federal Trade Commission, Department of Transportation, and Department of the Treasury were subject to a DDoS attack.

(Source: Procedia Computer Science)

Other famous victims include MasterCard, PayPal, and Visa.

DDoS Attacks on Mobile Apps

Mobile traffic is only growing, and so are the attacks against cell phone users and apps.

34. 80% of banking and e-commerce mobile apps are vulnerable to DDoS attacks.

(Source: Appknox)

This one of the most extraordinary DDoS statistics. You’d think that apps involving money transactions should be the ones to have top-notch security. Apparently – not necessarily.

DDoS Attacks on Cloud

Cloud statistics show increased adoption rates but also growing security concerns.

35. 14% of all attacks on cloud are DDoS attacks.

(Source: Procedia Computer Science)

This makes DDoS one of the top nine threats to cloud computing.

Luckily, security options are available:

36. Over 99% of infrastructure layer attacks detected by AWS Shield Standard are automatically mitigated in less than 1 second for attacks on Amazon CloudFront.

(Source: AWS Shield)

That’s one of the most impressive DDoS mitigation stats you’re likely to come across. DDoS is a big deal and having the best protection for it offers a competitive advantage. Amazon has the largest server network in the world; besides offering one of the best unmanaged cloud hosting products it also ensures powerful defenses against DDoS. And if you're worried about managing the internal security of your servers, managed cloud hosting might be more your style.

Legal Status of DDoS Attacks Around the World

DDoS should be punishable by law but, as is the case with many things from the tech world, this is not always the case.

37. In the US, DDoS attacks are a federal crime under the Computer Fraud and Abuse Act – with penalties that include imprisonment.

(Source: U.S.C. Title 18: CRIMES AND CRIMINAL PROCEDURE)

The Computer Crime and Intellectual Property Section of the Department of Justice is responsible for handling DDoS.

38. In the UK, DDoS attacks are illegal and carry a penalty of up to ten years in prison.

(Source: Computer Misuse Act 1990)

Her Majesty’s Government does not look kindly on cybercrime, and DDoS attacks are no exception. The sharp percentage increase in DDoS attacks in the early 2000s forced the government to amend the Act in 2006.

39. On December 15-16, 2015, law enforcement agencies from Bosnia and Herzegovina, Austria, Germany, and the UK joined forces with Europol in an operation against the cybercriminal group DD4BC (DDoS for Bitcoin).

(Source: Europol)

The action was part of a global law enforcement response against the criminal organization.

Conclusion

Like taxes and death, DDoS attacks are an inescapable fact of life. Arbor Networks registers more than 2000 DDoS daily attacks worldwide.

There’s even a Digital Attack Map tool, which allows you to see where in the world DDoS attacks are occurring in real-time!

Here’s the bottom line:

If you’re in the hosting industry, understanding DDoS is the first step. After that, you can set up adequate defenses against these malicious attacks. These mind-blowing DDoS statistics and facts are as good a place to start as any.