Cloudflare Reports Alarming Surge in DDoS Attack Traffic in 2023

In a recently released threat report, Cloudflare has revealed a staggering surge in Distributed Denial of Service (DDoS) attacks, more than doubling year over year in the fourth quarter of 2023. The alarming increase coincided with the widespread exploitation of the novel zero-day vulnerability HTTP/2 Rapid Reset. Threat actors leveraged this vulnerability to launch record-breaking DDoS attacks, reaching unprecedented levels in the third quarter of the same year.

At the peak of the HTTP/2 vulnerability attacks, Cloudflare reported mitigating approximately 201 million requests per second, highlighting the severity of the threat landscape. Omer Yoachimik, Senior Product Manager of DDoS Protection and Security Reporting at Cloudflare, emphasized that the nature of DDoS attacks has evolved, requiring significantly fewer resources and less time than in previous years. Notably, the deployment of generative AI tools has facilitated more sophisticated attack strategies.

Cloudflare disclosed that DDoS attacks were particularly prevalent in sectors such as retail, shipment, and public relations during the holiday shopping season. While the number of HTTP DDoS attacks experienced a 20% decline compared to 2022, network-layer DDoS attacks surged by 85%, totaling 8.7 million incidents in 2023. These attacks were auto-mitigated at a rate of 996 per hour, amounting to 27 terabytes.

Malicious actors are increasingly leveraging cloud infrastructure to create botnets, which can be up to 5,000 times more potent than traditional IoT-based botnets. Notable DDoS attacks caused significant disruptions, including attacks against Microsoft in June 2023 that impacted services such as Azure, OneDrive, and Outlook.

Cloudflare's recommendations to organizations include the automation of in-line detection and mitigation, machine learning-based anomaly and bot detection, traffic profiling, rate limiting based on specific criteria, implementation of threat intelligence, and the use of web application firewalls.

Omer Yoachimik stressed the enduring threat posed by DDoS attacks, stating, "DDoS attacks remain one of the oldest cyberattack types, and one of the easiest to execute. For an unprotected organization, even one minute of downtime or latency can lead to significant impact."

As cybersecurity threats continue to evolve, organizations are urged to stay vigilant, adopt advanced mitigation strategies, and implement robust security measures to protect against the growing menace of DDoS attacks and zero-day vulnerabilities.
