Network-layer DDoS attack trends for Q3 2020

DDoS attacks are increasing in frequency and sophistication, with a 4x increase in network layer attacks compared to pre-COVID levels. The majority of these attacks are under 500 Mbps and 1 Mpps, but can still cause service disruptions. Ransom-driven DDoS (RDDoS) attacks are on the rise, with groups claiming to be Fancy Bear, Cozy Bear, and Lazarus Group extorting organizations worldwide. The number of L3/4 DDoS attacks observed by Cloudflare increased substantially in Q3, with a majority of attacks being under 1 hour in duration. Smaller attacks are becoming more common, potentially serving as smokescreens for other cyberattacks or as proof and warning to target organizations. Attack vectors such as SYN floods, RST floods, UDP floods, mDNS, Memcached, and Jenkins attacks have seen an increase in Q3. The United States observed the most number of L3/4 DDoS attacks, followed by Germany and Australia. Cloudflare's mission is to help build a better Internet, which grounds their approach to DDoS protection.