40+ DDoS Statistics, Facts, and Trends

We are reader supported and may earn a commission when you buy through links on our site. Learn more.

Of all the attacks that can occur online, DDoS attacks are the most frustrating and challenging to prevent.

They work by barraging servers with more requests than they can handle, causing sudden overload, which leads to a crash that often takes hours to restore.

These attacks are detrimental as they cause massive service disruption, financial loss, and damage to a company’s reputation.

That said, below are some major DDoS statistics and some facts on DDoS attacks that businesses and individuals should be aware of in 2023.

Top 6 DDoS Statistics (Editor’s Pick)

  • In 2022, Cloudflare intercepted one of the largest HTTPS DDoS attacks.
  • In Q1 2022, Kaspersky detected and stopped 91,052 DDoS attacks.
  • In Q2 2022, CHARGEN was the top-emerging network-layer DDoS attack vector.
  • In 2022, over 500,000 cell phones were the source of DDoS attacks.
  • DDoS attacks in Q1 2022 hit 44.34% of US resources.
  • 40% of gambling sites in 2022 experienced a DDoS attack within 12 months.

Infographic

top 6 ddos statistics
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/ddos-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/05/top-6-ddos-statistics.png" alt="Top 6 DDoS Statistics" width="768" border="0" height="632.96703296703" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/05/top-6-ddos-statistics-768x633.png 768w, https://vpnalert.com/wp-content/uploads/2023/05/top-6-ddos-statistics-300x247.png 300w, https://vpnalert.com/wp-content/uploads/2023/05/top-6-ddos-statistics-1024x844.png 1024w, https://vpnalert.com/wp-content/uploads/2023/05/top-6-ddos-statistics.png 1456w" sizes="auto"></a>
				
			

Global DDoS Statistics

1. The global DDoS protection and alleviation industry is predicted to grow to $4.1 billion in 2023.

This growth represents a difference of $2.16 billion from the lows of $1.94 billion in 2018.

2. In 2022, Cloudflare Security was the most significant DDoS & Bot protection software worldwide.

It owned 86.33% of the global market, followed by FS Silverline at 10.34% and Imperva Incapsula at 2.5%. All other software had a market share of 0.83%.

3. There was a 60% increase in malicious DDoS events in H1 2022 than in all of 2021.

The number of malicious events per victim rose by 203%. An average of 12,057 DDoS events were blocked monthly, bringing the figures to 1.5X times higher than in 2020 and 2021.

4. In 2022, Cloudflare Intercepted one of the largest HTTPS DDoS attacks.

This attack had 15 million requests per second, came from 6,000 unique bots, and lasted 15 seconds

DDoS Attack & Threats Statistics

5. In 2022, DDoS attacks were among the most significant cybersecurity threats globally.

According to Chief Information Security Officers (CISOs), DDoS attacks comprised 30% of all cybersecurity threats and were most likely to occur within the year.

Major Cybersecurity Threats Share of CISOs
Insider threats (negligence, accidental, criminal) 31%
DDoS attacks 30%
E-mail fraud/Business email compromise 30%
Cloud account compromise 30%
Malware 29%
Ransomware attacks 28%
Smishing/vishing 28%
Supply chain attacks 27%

6. In Q1 2022, Kaspersky detected and stopped 91,052 DDoS attacks.

There was an average of 1,406 attacks per day, with the highest being 2,250 attacks in one day.

7. In Q1 2022, the average length of DDoS attacks was 2 hours.

94.95% of DDoS attacks were 4 hours or less, 3.27% lasted 5 to 9 hours, and 0.03% lasted over 140 hours.

Hours (Attack Time) Distribution
Over 140 hours 0.03%
100-139 hours 0.03%
50-99 hours 0.15%
20-49 hours 0.52%
10-19 hours 1.05%
5-9 hours 3.27%
4 hours or less 94.95%

8. The average price of a DDoS attack on the dark web was $850.

As of June 2022, anyone could purchase a monthly DDoS attack on a website at the quoted price. Comparably, the price of a premium malware attack was $5,500

9. UDP attacks on Microsoft Azure in H2 2021 comprised over 50% of DDoS attacks.

Most User Datagram Protocol (UDP) attacks lasted 30 minutes or less in H1 2021 but grew to 1 to 2 hours in H2 2021.

Ransom DDoS Attack Statistics

10. Ransom DDoS attacks in Q2 2022 increased by 11% from Q4 2021.

Attacks peaked in June at 20%, with 1 out of every 5 individuals experiencing a ransom DDoS attack.

Quarter Percentage of Customers
2021 Q2 9%
2021 Q3 8%
2021 Q4 21%
2022 Q1 9%
2022 Q2 10%

11. In Q4 2022, 16% of DDoS attack victims received a threat or ransom demand note.

This represents a 14% increase in QoQ and a drop of 6% to 16% from highs of 22% in Q4 2021.

Application-Layer DDoS Attack Statistics

12. 55% of websites attacked by Layer 7 DDoS attacks in Q2 2022 were attacked again within 24 hours.

This represents a 5% rise from figures seen in Q1 2022. Meanwhile, 44.47% of websites were attacked only once.

Frequency of DDoS Attacks Share of Customers Affected
Once 44.47%
Twice 15.9%
3 to 5 times 14%
6 to 10 times 9%
10+ times 16.7%

13. 58.4% of all application-layer DDoS attacks in Q2 2022 lasted over 15 minutes.

41.6% lasted under 15 minutes, 24.9% up to an hour, and 33.5% lasted over an hour.

14. The Finance Industry was the target of most application-layer DDoS attacks in Q2 2022.

32.8% of all application-layer attacks targeted the finance industry.

The law and government industry came second at 24.8%, and computing and IT third at 13.9%.

Target Industry Share of Application-Layer DDoS Attacks
Financial services 32.8%
Law and Government 24.8%
Computing and IT 13.9%
Business 7.4%
Retail 4.9%
Telecom & ISPs 3.8%
Entertainment 2.0%
Gaming 1.8%

15. The United States was the most application-layer DDoS-attacked country.

As of Q2 2022, 59.3% of all attacks targeted the United States.

Russia came second with 9.4% of all attacks, and the UK third with 6.1%.

Country Share of Application-Layer DDoS Attacks
United States 59.3%
Russia 9.4%
United Kingdom 6.1%
Australia 5.0%
Brazil 4.6%
Ukraine 2.3%
France 2.3%
Spain 1.6%
Germany 1.5%

16. In Q2 2022, there was a 72% increase in application-layer DDoS attacks.

Organizations in Cyprus experienced a 166% rise in attacks. The most targeted industry was the aviation and aerospace industry, which experienced a rise of 493% in attacks.

17. Application-layer DDoS attacks from China and the US decreased by 78% and 43%, respectively.

Meanwhile, attacks from India, Germany, and Brazil in Q2 2022 grew by 87%, 33%, and 67%, respectively.

18. In Q2 2022, application-layer DDoS attacks in the United States increased by 67% quarter on quarter.

Meanwhile, attacks on Chinese companies dropped by 80%. 

Network-Layer DDoS Attack Statistics

19. In Q2 2022, CHARGEN was the top-emerging network-layer DDoS attack vector.

There was a 377.7% QoQ change in the Character Generator Protocol (CHARGEN) attack vector.

Top-Emerging Network-Layer DDoS Threats QoQ Changes
ChargeGen 377.7%
Ubiquity 327.6%
Memcached 287.4%
TeamSpeak3 233.9%
WS Discovery 171.8%
CLDAP 139.8%
UDP 92.5%
Lantronix 76.0%
SNMP 53.6%
AFS 38.2%

20. In Q2 2022. there was a 66% increase in network-layer attacks on telecommunications companies.

13.6% of attacks were directed at telecommunication companies.

Coming second and third were the gaming and IT industries at 3.6% and 1.9%, respectively.  

Industry Percentage of Attack Traffic
Telecommunications 13.6%
Gaming 3.6%
IT 1.9%
Software 0.4%
Gambling & Casinos 0.3%
Finance 0.2%
Website design 0.1%
Computer software 0.1%

21. Network-layer DDoS attacks in Q2 2022 grew by 109% year on year.

Attacks lasting 3+ hours increased by 12% from Q1 to Q2, while attacks of 100+ Gbps increased by 8% from Q1 to Q2.

22. 43.6% of DDoS attacks in Q2 2022 were network-layer.

Of these, 21.04% lasted over an hour, while 57.69% lasted less than 7 minutes.

Attack Duration Percentage
Less than 7 minutes 57.69%
Less than 30 minutes 15.98%
Up to 60 minutes 5.29%
More than 1 hour 21.04%

23. In Q2 2022, 80% of customers attacked through network-layer DDoS attacks were attacked again.

Of these, 91.18% of customers were attacked again within 24 hours.

48.53% experienced the second attack within 12 hours.

Attack Duration Percentage
12 hours - 4 hours 48.53%
24 hours - 12 hours 42.65%
4 hours & below 8.82%

24. In Q2 2022, the United States was the most targeted country by network-layer DDoS attacks.

70.1% of attacks targeted the US, with Taiwan and Poland coming second and third, at 7.8% and 4.3%, respectively.

Country Share of Network-Layer DDoS Attacks
The United States 70.1%
Taiwan 7.8%
Poland 4.3%
Canada 4.1%
Australia 3.5%
Philippines 2.1%
Spain 1.5%

25. In Q2 2022, 31.6% of network-layer DDoS attacks targeted the banking and finance industry.

Coming in a close second and third was the communications industry at 28.2% and the entertainment sector at 19.4%.

26. 53.6% of network-layer DDoS attacks in Q2 2022 were SYN Floods.

SYN, DNS, and RST were the most popular top three network-layer attack vectors.

Top Attack Vectors Percentage
SYN 53.6%
DNS 17.6%
RST 7.8%
UDP 6.7%
SSDP 3.1%
ACK 1.8%
Ws Discovery 1.1%

27. Network-layer DDoS attacks lasting over 3 hours in Q2 2022 grew by 9%.

52.4% of all attacks lasted under 10 minutes, while 39.7% lasted between 10 to 20 minutes.

Attack Duration Percentage
Under 10 minutes 52.4%
10 - 20 mins 39.7%
20 - 40 mins 5.3%
40 - 60 mins 1.1%
1 - 3 hours 1.0%
Over 3 hours 0.5%

DDoS Attacks on Devices Statistics

28. In 2022, over 500,000 cell phones were the source of DDoS attacks.

60% of attacks came from affected Android devices, while 40% came from iOS devices.

29. In 2021, routers were the most vulnerable IoT devices to DDoS attacks.

Regarding susceptibility to DDoS attacks, routers were at 46%, while cameras and smart home devices were at 3% each.

IoT Device Share of Vulnerability to DDoS Attacks
Routers 46%
Access points 17%
Extenders and mesh 17%
NAS 5%
VoIP 4%
Camera 3%
Smart home devices 3%

DDoS Attacks Regional Facts

30. In 2021, the United States received 35% of all DDoS attacks globally.

The UK and China came second and third, below 20% each. These attacks targeted the US internet and computer industries.

31. In 2021, over 30% of DDoS attacks in Russia were directed at the retail sector.

Most DDoS attacks in the region were directed at the finance industry by hacktivist groups to disrupt operations and large websites.

32. DDoS attacks in Q1 2022 hit 44.34% of US resources.

Meanwhile, 11.60% of resources in China and 5.06% in Germany were hit by DDoS attacks.

Country Percentage of Resources Affected
The United States 44.34%
China 11.60%
Germany 5.06%
United Kingdom 3.89%
Hong Kong 3.71%
France 3.65%
Canada 3.37%
Netherlands 2.36%
Brazil 2.24%
Singapore 1.86%

33. In 2021, DDoS cyber attacks in Italy rose to 20,500.

These DDoS cyber attacks grew by around 13,000 from a low of 7,000 in 2017.

34. 59% of Japanese computer users in 2022 were unaware of the meaning of DDoS.

Meanwhile, 67.5% of Japanese smartphone users did not know or understand the meaning of Distributed Denial of Services (DDoS).

35. In 2021, organizations in the wired telecommunications industry were the main target of DDoS attacks.

In the US, 174,000 DDoS attacks were directed toward organizations within this industry. Others were directed toward businesses in the data processing and hosting service industry. 

36. In Q2 2022, there was a 660% rise in DDoS attacks in Ukraine.

80% of these attacks focused on broadcast, online media, internet, and publishing companies.

ddos attacks in ukraine
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/ddos-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine.png" alt="DDoS Attacks in Ukraine" width="768" border="0" height="544.35912581217" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine-768x544.png 768w, https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine-300x213.png 300w, https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine-1024x726.png 1024w, https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine-1536x1089.png 1536w, https://vpnalert.com/wp-content/uploads/2023/05/ddos-attacks-ukraine.png 1693w" sizes="auto"></a>
				
			

37. The Banking, Financial Services, and Insurance companies were the most targeted in Russia.

In Q2 2022, 45% of Russia’s DDoS attacks targeted the BFSI sector.

The cryptocurrency sector came second, and online media was third.  

The Cost of DDoS Attacks Statistics

38. In Q3 2021, ransom DDoS attacks caused a $700,000 reduction in revenue for Bandwidth.com.

The site reported that the actual loss would amount to $12 million.

39. In March 2022, Among Us remained inoperable for European and North American players after a DDoS attack.

In January, APEX legends pro-gamers complained that “Ranked” was unplayable, while team Andorra was eliminated in the high-stakes Squidcraft Games tournament thanks to DDoS attacks

DDoS Trends and Statistics

40. In Q2 2022, DDoS attackers used HTTP pipelining and multiplexing to maintain high-rate attacks for hours.

A new DDoS attack record was set for 25.3 billion requests at 3.9M Rps in under 5 hours. An earlier attack had occurred at the high-frequency rate of 10M Rps, using only 121 IPs.

41. The number of DDoS attacks larger than 500 Gbps grew by 287%.

In Q1 2022, the number of attacks up to 1 Tbps was 0.71%. By Q2, this figure had risen to 2.30%, with further attacks of 0.34% above 1 Tbps.

The Volume of DDoS Attacks Q1 2022 Q2 2022
Up to 10 Gbps 60.80% 55.02%
Up to 100 Gbps 34.02% 35.03%
Up to 500 Gbps 4.46% 7.31%
Up to 1 Tbps 0.71% 2.30%
More than 1 Tbps - 0.34%

42. 40% of gambling sites in 2022 experienced a DDoS attack within 12 months.

Of these, 80% were attacked more than once. Meanwhile, 25% were attacked in the last month of Q2 and 25% in the last week of Q2.       

Protect Yourself From DDoS Attacks

Based on current data, there is a rise in both the frequency and volume of attacks, including the attack durations. Ransom DDoS attacks are also rising, with the BFSI sector being the top targeted industry globally. Additionally, it has become cheaper for attackers and attackers-for-hire to launch DDoS attacks. 

Undoubtedly, this trend of large-scale DDoS attacks will not slow down.

Now more than ever, it’s crucial that you have a solid security plan to protect and secure all your digital assets.

While humans initiate DDoS attacks, bots execute them. You must automate detection and mitigation efforts as much as possible to win, which means relying on services such as Cloudflare.

Check our phishing statistics roundup for a holistic view of cyber threats. 

References:
  1. https://www.statista.com/statistics/1350460/cybersecurity-threats-at-companies-worldwide-cisos/
  2. https://www.statista.com/statistics/1255583/ddos-attacks-by-attacked-country/
  3. https://www.statista.com/statistics/1189519/ddos-attacks-distribution-in-russia-by-industry/
  4. https://securelist.com/ddos-attacks-in-q1-2022/106358/
  5. https://www.statista.com/statistics/985329/worldwide-ddos-protection-mitigation-market/
  6. https://www.statista.com/statistics/985443/worldwide-ddos-bot-protection-market-share/
  7. https://www.statista.com/statistics/649366/cyber-attacks-ddos-in-italy-timeline/
  8. https://www.statista.com/statistics/1350155/selling-price-malware-ddos-attacks-dark-web/
  9. https://www.statista.com/statistics/1321554/japan-awareness-of-dos-attacks-among-computer-users/
  10. https://www.statista.com/statistics/1228489/japan-awareness-of-dos-attacks-among-mobile-device-users/
  11. https://www.statista.com/statistics/1260806/ddos-attacks-by-vertical-united-states/
  12. https://www.statista.com/statistics/1290773/ddos-attacks-microsoft-azure-infrastructure-vector/
  13. https://www.statista.com/statistics/1290766/ddos-attacks-microsoft-azure-infrastructure-duration/
  14. https://www.imperva.com/resources/reports/DDoS-Threat-Landscape-Report-Q2-2022.pdf
  15. https://www.imperva.com/blog/81-increase-in-large-volume-ddos-attacks/
  16. https://blog.cloudflare.com/ddos-attack-trends-for-2022-q2/
  17. https://blog.cloudflare.com/ddos-threat-report-2022-q4/
  18. https://www.radware.com/getattachment/ba8a3263-703b-4cc7-a5d0-741dc00e9273/H1-2022-Threat-Analysis-Report_2022_Report-V2.pdf.aspx
  19. https://blog.cloudflare.com/15m-rps-ddos-attack/
  20. https://seacom.co.ke/business-insights/can-cell-phones-be-the-source-of-ddos-attacks/
  21. https://securingsam.com/wp-content/uploads/2022/04/SAM_IOT-Security-Report.pdf