Qrator Labs Reports 319% Surge in DDoS Attacks in Q3 2024

By Riley ThompsonTechnology News

Qrator Labs: 319% Increase in DDoS Attacks in Q3 2024

Analysts at Qrator Labs have released a report on DDoS attacks for the third quarter of 2024. According to the company, the number of attacks increased by 319% compared to the same period last year. Researchers attribute this surge to seasonal trends, noting that “after a summer lull, the main peak of activity typically occurs in the fall and winter.”

While the year-over-year increase was 319%, compared to the second quarter of 2024, the growth was 80% at the network and transport layers, and 70% at the application layer.

The researchers believe that cybercriminals have already begun “probing attacks”—active preparations for the sales season, which usually sees a spike in malicious activity.

Multivector Attacks and Targeted Sectors

Multivector attacks accounted for 16.51% of all attacks in the third quarter, slightly lower than in the first (23.22%) and second (17.76%) quarters of 2024.

“It’s clear that attackers have recognized the effectiveness of multivector attacks, especially against unprotected or poorly protected infrastructures, and continue to exploit their advantages,” commented Dmitry Tkachev, CEO of Qrator Labs.

During the third quarter, the main targets remained the macro-segments of fintech (31.94%) and e-commerce (21.13%), as well as IT and telecom (9.58%).

Among the top three most-attacked micro-segments, the participants remained the same, but their rankings shifted: banks took first place (20.15%), online retail came in second (16.71%), and online bookmakers, which led last quarter, dropped to third (9.09%).

Impact of Major Sporting Events

“The share of DDoS attacks on the online bookmakers micro-segment decreased somewhat in the third quarter of 2024 compared to the second quarter, but remained quite high. We attribute this to the UEFA European Football Championship, whose final stage took place in early July, as well as the Summer Olympic Games, which were held in July and August,” added Dmitry Tkachev.

Attack Intensity and Duration

The most intense attacks in the third quarter were observed in the online bookmakers (446.57 Gbps), banks (316.85 Gbps), hosting platforms (313.03 Gbps), forex (311.21 Gbps), and payment systems (300.06 Gbps) micro-segments. As in the previous quarter, there were numerous attacks with a bitrate exceeding 100 Gbps.

However, the duration of attacks did not set any records. The average attack duration dropped to 35.8 minutes. Excluding peak values, the average duration was 25 minutes—significantly higher than the previous reporting period (about 15 minutes), but still not excessive.

Geography of Malicious Traffic

The list of countries that are the main sources of malicious traffic has remained largely unchanged for several quarters. Russia continues to lead with 26.92% of all blocked IP addresses, followed by the United States at 16.25%.

Last quarter, China’s share, which usually held third place, dropped sharply and has remained low since (2.88%). Researchers note that there is still no stable new contender for third place: while Brazil previously took the “bronze,” India has now replaced it with a share of 4.76%.

Leave a Reply