A new report from Zayo has revealed a significant increase in Distributed Denial of Service (DDoS) attacks, with a 106% rise in frequency observed from the second half of 2023 to the first half of 2024.
The average duration of these attacks has also extended, now lasting 45 minutes, which represents an 18% increase compared to the previous year.
The financial impact of such attacks on unprotected organisations is substantial, amounting to approximately USD $270,000 per attack at a rate of USD $6,000 per minute.
Zayo attributes the surge in DDoS attacks to advancements in Artificial Intelligence (AI), which have made it easier to launch bot-based attacks with greater frequency, duration, and intensity. Tema Hassan, senior product manager at Zayo Europe, highlighted that "recent trends in Distributed Denial-of-Service (DDoS) attacks in Europe reveal a significant escalation in both frequency and sophistication." Hassan added that geopolitical conflicts have driven an increase in attacks on critical sectors such as financial services, telecommunications, and internet service providers.
The report identifies the telecommunications sector as the most-targeted industry, accounting for 57% of all attacks. Other frequently attacked industries include education (19%), manufacturing (5%), and cloud/SaaS sectors (5%). Notably, manufacturing has overtaken retail as the industry facing the largest DDoS attacks, followed by the healthcare sector, which experienced a 128.5% increase in attacks compared to the first half of 2023. The manufacturing sector also saw a dramatic 308% increase in attack duration and a 200% rise in the size of DDoS attacks.
Government entities were found to be victims of the longest duration attacks, with an average attack time of over six hours, marking a 41% increase from the first half of 2023. Zayo's senior vice president of Network Connectivity, Max Clauson, warned that if the current trend continues, there could be a further 24% increase in attacks by the end of the year. Clauson emphasised, "the only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target."
In addition to identifying new attack techniques exploiting vulnerabilities in modern web protocols like HTTP/2, the report noted that traditional DNS-based attacks remain prevalent and have grown in scale. Hassan commented that Europe is responding to these evolving threats by implementing stricter cybersecurity regulations to bolster defence mechanisms.
The report analysed over 62,000 threat detections experienced by Zayo DDoS Protection customers in the first half of 2024. Data was collected from 14 industries across North America and Western Europe, covering the period from 1 January to 30 June 2024. Of these, approximately 29,000 attacks occurred in the first quarter of 2024 and around 34,200 attacks were recorded in the second quarter.
For nearly 30 years, DDoS attacks have remained a persistent threat. The introduction of AI has only exacerbated their frequency and severity, making them more powerful and subversive. Businesses across all industries are urged to recognise that they are potential targets regardless of their size. The financial and reputational damage caused by DDoS attacks can be devastating, with significant revenue losses and long-term harm to brand trust. Additionally, the cost of mitigating attacks and restoring services can drain resources that would otherwise be allocated towards growth and innovation. Implementing a proper network protection strategy is essential for businesses to safeguard against this growing menace.