Network-layer DDoS attack trends for Q2 2020

In Q2 2020, the number of L3/4 DDoS attacks observed over Cloudflare's network doubled compared to that in Q1. The scale of the largest L3/4 DDoS attacks increased significantly, with some of the largest attacks ever recorded observed during this period. More attack vectors were deployed and attacks were more geographically distributed. In May 2020, there was a significant increase in the number and size of attacks, coinciding with the heightened global pandemic situation. Small attacks continued to dominate in numbers as big attacks got bigger in size. The majority of L3/4 DDoS attacks observed in Q2 peaked below 10 Gbps, but these 'small' attacks can still easily cause an outage or service degradation if not protected by a cloud-based DDoS mitigation service. In terms of duration, 83% of all attacks lasted between 30 to 60 minutes. The largest DDoS attack on Cloudflare's network in Q2 was detected and mitigated automatically, with no impact to performance due to the size and global coverage of their network. The United States received the most number of L3/4 DDoS attacks, followed by Germany, Canada, and Great Britain. In terms of total attack bytes mitigated, the United States led, but was followed by Hong Kong, Russia, Germany, and Colombia. 57% of all L3/4 DDoS attacks in Q2 were SYN floods, with a total of 39 different types of attack vectors used. Cloudflare's three-pronged protection approach includes Gatebot for detecting and mitigating globally distributed volumetric DDoS attacks, dosd for analyzing traffic and applying local mitigation rules when needed, and flowtrackd for detecting and mitigating the most randomized and sophisticated TCP-based DDoS attacks.