DDoS Attacks Soar 53% To 21.3 Million, Cloudflare Reports

Cloudflare blocked 21.3 million DDoS attacks in 2024, including a record-breaking 5.6 terabit-per-second strike that targeted an Asian internet service provider last October. The yearly total marked a 53% increase from 2023.

The 80-second October attack, which originated from over 13,000 compromised Internet of Things devices running Mirai malware variant, highlighted an alarming trend: hyper-volumetric attacks exceeding 1 terabit per second grew by 1,885% in the fourth quarter compared to the previous quarter. Ransom DDoS attacks, where criminals threatened organizations with service disruptions unless paid, rose 78% in the same period.

When the first AI backtrace tools come online...

[zurkeyon]

There are going to be some people in some very serious trouble, on the hook for trillions in losses. Hope they know the phrase "There is always somebody better" ;-)

Need new laws

[Hoi Polloi]

Providers who have a significant number of compromised systems in their IP blocks should be threatened with being blocked unless they block those IPs.

Re:

[Tablizer]

The new administration should focus on laws punishing sloppy IOT companies instead of renaming geography and harassing transgenders.

Re: Need new laws

[drinkypoo]

Trump can't even talk and think at the same time. When the teleprompter stops he either gabbles randomly, rants incoherently, or in the best case just stands there and complains about it not working.

Re:

[fluffernutter]

This makes me think I have never seen him talk with the teleprompter working.

Re:

[Tablizer]

Once when his teleprompter was glitching, he said something about George Washington's army "ramping the ramparts at his beautiful airport". If I'm going wing-it and guess what it's supposed to say, I wouldn't use "airport" for a story about the 1700's. Maybe "ship ports"? WTF.

Re:

[drinkypoo]

The prompter probably just said "ports" and since he doesn't read anything but Mein Kampf (which he uses to make himself feel warm and fuzzy so he can sleep) he didn't know that word. But he knows "airport" because AIRPLANE! WHHOOOOOOOSSHHHHH!

Re:

[Fly Swatter]

It's now "walk and text..." try to keep up.

Re:

[ihavesaxwithcollies]

The new administration should focus on laws punishing sloppy IOT companies instead of renaming geography and harassing transgenders.

You forgot about being racist, saluting hitler, pardoning 1500 criminals, attempting to invalidate a constitutional amendment...

How is the price of eggs again?Tariffs will help that, right? [theguardian.com] Surely he did something to help the non-oligarchs? [cnn.com]

Re:

[Tablizer]

ug, don't remind me.

'Murica, wtf were you thinking?

Re:

[Bert64]

A lot of ISPs especially in developing countries are forced to use CGNAT due to lack of legacy address space. It was first come first served, and the countries which developed fastest got the lions share.

These countries tend not to (yet) have legislation requiring ISPs to identify users in the event of illegal activity, so they don't log the traffic going through the CGNAT gateways as this becomes extremely expensive.
As such, traffic which originates on an end user line and passes through a CGNAT gateway be

Re:

[WaffleMonster]

As such, traffic which originates on an end user line and passes through a CGNAT gateway becomes extremely difficult to trace when its happening, and almost impossible after the fact.

Many ISPs in developing countries ignore abuse reports because they can't do anything about them with the current setup, and configuring the necessary logging to be able to track activity would be prohibitively expensive. These costs would need to be recovered from the paying customers, which would make the service even more expensive - and remember this is mostly in developing countries where the cost of CGNAT gateways has already made the service more expensive while the customers themselves generally have less disposable income to pay for it.

ISPs use port range mapping to disambiguate multiple users behind a CGN.

Re:

[Bert64]

That only works if you have a sufficiently small number of users that you can allocate each of them a sensible range of ports. In a lot of developing countries there might be several thousand users behind a single gateway.

That also assumes that wherever the traffic is going is logging the source ports.

Plus limiting the source port range make DNS spoofing much easier, see CVE-2008-1447

Changing the ports can break certain nat traversal mechanisms.

The implementation of the ISP here does not do this (one of the

MICROS~1 Windows strikes again :o

[Mirnotoriety]

DDoS attacks soar fifty three percent to twenty one million. The primary cause being all those compromised Microsoft Windows desktops out there on the Internet.

Re:

[Tablizer]

Nah, Gates bribed Xi's hackers to break into Linux instead to make Windows look better in comparison. My brainworm has the proof.

AI scraping?

[zkiwi34]

Just a hypothesis.. How much of apparent new DDoS could be AI scraping data as fast as it can as frequently as it can?

Re:

[CEC-P]

I've heard some numbers from site operators. This is what that is. It's over 90% of their traffic and growing.

Re:

[Fly Swatter]

All normal traffic eventually drowned out by bots, who could have imagined?

Net neutrality needs an adjustment to allow human prioritization. All bot or automated traffic including ads should be de-prioritized, call me a botist all you want just don't confuse me with a botanist.

Newsflash: Cloudflare hype makes them money

[ihadafivedigituid]

Who knows if the reports they publish are bullshit or not? Having had some experience with their (unsolicited) sales weasels, I wouldn't believe a word they say.