Cloudflare Released DDoS Threat Report 2022


Cloudflare, Inc., the security, performance, and reliability company helping to build a better Internet, has announced its 2022 Q3 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network.

Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1 Tbps. The largest attack was a 2.5 Tbps DDoS attack launched by a Mirai botnet variant aimed at the Minecraft server, Wynncraft. This is the largest attack Cloudflare has ever seen from the bitrate perspective. It was a multi-vector attack consisting of UDP and TCP floods. However, Wynncraft, a massively multiplayer online role-playing game Minecraft server where hundreds and thousands of users can play on the same server, didn’t even notice the attack, since Cloudflare filtered it out for them.

Geopolitical tensions are reflected in cyberattacks. Cloudflare’s data centres saw attacks targeting Taiwanese companies increase nearly 20-fold, and when looking at the war in Ukraine, the company saw that attacks on Russian websites surged 24x compared to last year.

Highlights of the DDoS Report

General DDoS attack trends

Overall in Q3, Cloudflare has seen:

  • An increase in DDoS attacks compared to last year.
  • Longer-lasting volumetric attacks, a spike in attacks generated by the Mirai botnet and its variants.
  • Surges in attacks targeting Taiwan and Japan.

Application-layer DDoS attacks

  • HTTP DDoS attacks increased by 111 per cent YoY but decreased by 10 per cent QoQ.
  • HTTP DDoS attacks targeting Taiwan increased by 200 per cent QoQ; attacks targeting Japan increased by 105 per cent QoQ.
  • Reports of Ransom DDoS attacks increased by 67 per cent YoY and 15 per cent QoQ.

Network-layer DDoS attacks

  • L3/4 DDoS attacks increased by 97 per cent YoY and 24 per cent QoQ.
  • In Q3, Cloudflare saw a 4x increase in network-layer DDoS attacks attributed to the Mirai botnet. This underscores why securing IoT devices is critical
  • The Gaming / Gambling industry was the most targeted by L3/4 DDoS attacks, including a massive 2.5 Tbps DDoS attack.

Ransom DDoS attacks

Ransom DDoS attacks are attacks where the attacker demands a ransom payment, usually in the form of Bitcoin, to stop/avoid the attack.

  • Q3 saw ransom DDoS attacks increase for the third quarter in a row. September saw almost one out of every four respondents reported receiving a ransom DDoS attack or threat
  • In Q3, 15 per cent of Cloudflare customers that responded to Cloudflare’s survey reported being targeted by HTTP DDoS attacks accompanied by a threat or a ransom note. This represents a 15 per cent increase QoQ and a 67 per cent increase YoY of reported ransom DDoS attacks.

Commenting on the report, Bashar Bashaireh, Managing Director, Middle East & Turkey, Cloudflare says, “Attacks may be initiated by humans, but they are executed by bots — and to play to win, you must fight bots with bots. Detection and mitigation must be automated as much as possible, because relying solely on humans puts defenders at a disadvantage. Cloudflare’s automated systems constantly detect and mitigate DDoS attacks for our customers, so they don’t have to. Over the years, it has become easier, cheaper, and more accessible for attackers and attackers-for-hire to launch DDoS attacks. But as easy as it has become for the attackers, we want to make sure that it is even easier – and free – for defenders of organisations of all sizes to protect themselves against DDoS attacks of all types. We’ve been providing free unmetered and unlimited DDoS protection to all our customers since 2017 — when we pioneered the concept.”

Cloudflare operates in more than 275 cities in over 100 countries, where the company interconnects with over 10,000 network providers in order to provide a broad range of services to millions of customers, giving it a broad understanding of what’s happening across the Internet.