DDoS stands for Distributed Denial of Service, and a DDoS attack is a cyber onslaught where bad actors make network resources or devices unavailable to their users. They do this by temporarily or indefinitely disrupting the services of a host with an internet connection.
A typical DDoS attack floods a website’s resources with more traffic than it can handle, overwhelming the target and rendering it useless.
Let’s take a look at some DDoS statistics and how these attacks affect the world of internet usage.
Key DDoS Statistics
- DDoS attacks cost between $20,000 to $40,000 per hour on average.
- The largest DDoS attack was the Google Attack in 2020, which recorded a peak of 2.5 Tbps.
- The average size of a DDoS attack in 2019 was 12 Gbps
- The frequency of DDoS attacks has increased more than 2.5 times over the last three years.
- The number one motivation for DDoS attacks is to demonstrate attack capabilities.
- In 2016, 86% of DDoS attacks used multiple attack types.
- It costs as little as $5 to hire a cybercriminal to perform a DDoS attack.
DDoS Attack Statistics
1. DDoS attacks cost between $20,000 to $40,000 per hour on average.
DDoS attacks could affect any business, from eCommerce sites to tech, and the damages they incur can be monumental. On average, a typical DDoS attack can cost a company between $20,000 and $40,000 per hour.
2. The number one motivation for DDoS attacks is to demonstrate attack capabilities.
The primary motivation for carrying out a DDoS attack is to showcase a hacker’s capabilities. Gaming and extortion attempts came are the second- and third-biggest reasons.
3. The frequency of DDoS attacks has increased more than 2.5 times over the last three years.
There’s an evident recent increase in DDoS attacks; according to statistics, the frequency of cyberattacks involving DDoS has more than doubled in the last three years. With so many websites on the Internet, there’s no telling which one will be hit next.
4. The largest DDoS attack was the Google Attack in 2017, which recorded a peak of 2.5 Tbps.
The Github attack in 2018 was formerly the most significant DDoS attack in history, clocking in at 1.35 terabits per second and lasting for roughly 20 minutes. However, in 2020, Google’s Threat Analysis Group published an update on their biggest attack, which occurred in 2017. It lasted for six months and peaked at 2.5 Tbps.
5. 86% of DDoS attacks in 2016 used multiple attack types.
DDoS attack stats show that in 2016, 86% of DDoS attacks employed multiple types of attacks. This type of strategy is even more challenging to prevent or defend against, as they all use different methods to flood your network and device simultaneously.
6. It costs as little as $5 to hire a cybercriminal to perform a DDoS attack.
Few things are as simple as a Google search, but finding a cybercriminal to carry out a DDoS attack for you seems to be a close second. Hiring one can run you as little as $5; you’d probably spend more on buying a surge protector or 3D printer than to have someone disrupt someone else’s work and life, perhaps irrevocably so.
DDoS Statistics – How Bad Are These Attacks?
7. The average size of a DDoS attack in 2019 was 12 Gbps.
(Help Net Security)
The average DDoS attack had a traffic size of about 26.37 Gbps in 2018. In 2019, the average size decreased significantly thanks to the FBI’s clampdown on DDoS-for-hire sites, and has since dropped to 12 Gbps.
8. The number of DDoS attacks is expected to double to 15.4 million by 2023.
According to a report based on data from 2017, Cisco projects that the number of DDoS attacks globally will double to 15.4 million by 2023.
9. DDoS attacks account for more than 5% of all monthly gaming-related traffic.
According to DDoS attack statistics, 5% of all monthly gaming-related traffic can be attributed to DDoS attacks. What’s more, over 30% of gaming traffic during active play can also be attributed to DDoS attacks.
10. 32% of serious DDoS attacks coincided with a network intrusion.
According to a recent survey, 32% of DDoS attacks happened at the same time a network intrusion was occurring. In other words, network intrusions seem to serve as convenient opportunities to open a backdoor and launch an attack.
11. The longest DDoS attack in 2020 lasted for 302 hours
The duration of the longest DDoS attack in Q4 of 2020 was 302 hours, or about 12 days, exceeding the Q3 maximum of 246 hours.
DDoS Statistics for the US
12. 20% of companies with a minimum of 50 employees reported suffering at least one DDoS attack.
Medium-sized businesses have a one-in-five chance of being the victim of a DDoS attack.
13. The telecommunications, financial services, and IT industries are the top three industries most likely to suffer from a DDoS attack.
While all businesses and industries can become victims of DDoS attacks, the three most likely fields to combat them are telecommunications, IT, and financial services.
14. The US was the second most DDoS-targeted country in the world in Q3 2020 (15.75% of all attacks).
China was the most targeted, drawing in 72.83% of all attacks.
The Effects and Consequences of DDoS in Data and Statistics
15. Of all DDoS attacks, 50% lead to a service disruption, while 24% of DDoS attacks lead to services being completely unavailable.
The effects of a DDoS attack may vary, but 50% of them lead to a disruption of services. 24% of DDoS attacks render services entirely unavailable to users. 74% of the attacks that lead to a noticeable disruption of services coincided with another security issue, like a network intrusion or other network attacks.
16. 26% of all DDoS attacks lead to the loss of sensitive data.
The primary goal of most DDoS attacks is to slow down or crash a website. Unfortunately, 26% of total DDoS attacks result in the sometimes permanent loss of sensitive data.
The Top DDoS Attacks Worldwide
Some of the DDoS attacks we’ve witnessed are hard to believe, but they sure did happen:
- The aforementioned Google attack in 2017, peaking at 2.5 Tbps, is the biggest DDoS attack.
- The Amazon Web services attack in 2020, which lasted for three days and peaked at 2.3 Tbps.
- The Mirai Krebs and OVH DDoS attacks in 2016. OVH’s attack was driven by 145,000 bots, and its generated traffic went up to 1.1 Tbps, lasting for about seven days. Additionally, in a famous DDoS attack in the cyber tech space, the assault on cybersecurity expert Brian Krebs’ blog was in excess of 620 Gbps.
- The Mirai Dyn DDoS Attack in 2016 is considered to be perhaps the worst DDoS attack in the world, as it shut down high-profile websites such as HBO, PayPal, Airbnb, Reddit, and Twitter.
DDoS attacks are an undeniable part of today’s world. Curbing them is difficult, as DDoS allows for a startling number of requests to be sent to the host, creating a supercharged attack. It is also difficult to identify the source of the attack and protect yourself from future ones. Practically speaking, DDoS attacks are almost inevitable.
However, if DDoS stats, especially those from 2019, are anything to go by, shutting down sources, such as DDoS-for-hire sites, can lead to a significant drop in the frequency of these attacks. And that’s not all that can be done:
Developing a Denial of Service response plan is often the best step to take. Since almost nothing can be done when you get hit with a DDoS attack, the best option is to be proactive beforehand. Note, however, that the bigger your business, the more teams might be impacted and therefore need to be taught how to respond. In these cases, a systems checklist will most likely come in handy. Unfortunately, DDoS hacking statistics show that most attacks are accompanied by or subsequent to another security breach; therefore, a robust network infrastructure goes a long way. This involves protecting yourself with the strongest of firewalls (like the one from Glasswire), a strong VPN, anti-spam tools (e.g., ZoneAlarm), adequate content delivery systems, load balancing, and other layers of DDoS defense.
How many DDoS attacks occur on a regular basis?
As of March 2020, at least 16 DDoS attacks take place every second. Networks like Arbor Networks register at least 2,000 DDoS attacks on a daily basis.
What was the biggest DDoS attack?
The Google Attack in 2020 was the biggest DDoS attack in the US and worldwide, lasting for six months and peaking at 2.5 Tbps.
Why do DDoS attacks happen?
The main reason for DDoS attacks is for hackers to test and demonstrate their abilities. Alternatively, they occur for gaming or ransom extraction purposes.
Are DDoS attacks illegal?
Under the Computer Fraud and Abuse Act, DDoS attacks are illegal. Persons who start or carry out a DDoS attack against any network or service without explicit permission are liable to receive up to 10 years in prison and a fine of up to $500,000.
How long does a DDoS last for?
DDoS attacks can last for as long as 24 hours at a time. However, other DDoS statistics also show that some can last for days or even months on end.