New data highlights surging DDoS attacks, sophisticated threat patterns, and evolving risks across industries
As cybercriminals grow increasingly sophisticated in 2024, organizations worldwide face unprecedented challenges in safeguarding digital assets. Tencent Cloud, leveraging insights from its global network data and EdgeOne security platform, has released a comprehensive analysis of this year’s cyberattack trends, attack origins, and industry-specific risks—along with actionable mitigation strategies.
DDoS Attacks Surge: Smaller-Scale Strikes and Mega-Attacks Coexist
In 2024, Distributed Denial-of-Service (DDoS) attacks have intensified dramatically, with traffic-based attacks rising 144% year-over-year (YoY). Notably:
- Small-scale attacks (<100 Gbps) spiked by 146% YoY, reflecting attackers’ preference for sustained, low-intensity assaults to drain defense resources.
- Mega-attacks (>300 Gbps) grew by 73% YoY, with peak traffic surpassing 1.5 Tbps, signaling heightened destructive capabilities.
Monthly attack bandwidth reached record highs in December 2024 (115% YoY increase), while June, August, and October peaks exceeded 1 Tbps, coinciding with critical business periods like e-commerce promotions and financial settlements.
Global Coordination and Protocol Exploitation
September and December saw “short-burst” attack patterns worldwide, with Europe, the U.S., and Southeast Asia heavily targeted. SYN Flood attacks dominated smaller-scale strikes (58% of sub-100 Gbps incidents), while UDP Flood accounted for 91% of 100–300 Gbps attacks and 69% of >300 Gbps incidents, exploiting legacy protocol vulnerabilities.
HTTP/S Attacks Grow More Complex: Application Layer Under Siege
Application-layer assaults have evolved into highly orchestrated campaigns:
- Small-scale HTTP/S attacks (<100k QPS) surged 491% YoY.
- Mega HTTP/S attacks (>300k QPS) rose 187% YoY, peaking at 2 million QPS.
Attackers increasingly blend low-intensity probing with high-pressure bursts to exploit application-layer weaknesses. Peaks in May, September, and December—aligned with shopping festivals and traffic surges—placed immense strain on e-commerce, finance, and streaming platforms.
Vulnerability Exploits and Traffic Theft: Emerging Threats
High-risk vulnerability attacks surpassed 1.7 billion incidents in 2024. Arbitrary file access vulnerabilities dominated (36.5%), outpacing SQL injection and scanner-based attacks. Meanwhile, traffic theft attacks emerged as a critical threat, particularly in gaming, e-commerce, and cloud storage:
- 2+ PB of fraudulent traffic was intercepted from September to December 2024.
- Gaming accounted for 77% of traffic theft incidents, driven by malicious downloads of large update packages.
Attackers now leverage decentralized IP networks (47,000+ IPs in Q4, up 367%) and mimic legitimate user behavior, rendering traditional IP blacklists ineffective.
Case Study: EdgeOne Thwarts Advanced Bot-Driven Assault
A global live-streaming platform faced a multi-vector application-layer DDoS attack in 2024, characterized by:
- Botnets with JavaScript execution capabilities bypassing basic security challenges.
- Customized clients mimicking legitimate endpoints and forging TLS fingerprints.
- Exploitation of HTTP/2 vulnerabilities to drain platform resources.
Tencent Cloud EdgeOne mitigated the attack through client fingerprinting, TLS fingerprint analysis, and adaptive rate limiting, showcasing its ability to counter hybrid, large-scale threats.
Industry-Specific Risks and Recommendations
The cloud infrastructure and data services sector endured over 60,000 attacks in 2024—the highest across industries. As businesses accelerate cloud adoption, securing these environments is paramount.
Tencent Cloud EdgeOne recommends:
- Deploy edge-native security solutions with distributed scrubbing capacity to absorb volumetric attacks.
- Leverage advanced fingerprinting (TLS, client behavior) to detect sophisticated bots.
- Adopt multi-dimensional rate limiting and clustering analysis for real-time threat response.
- Harden infrastructure by closing unused ports, filtering reflection protocols (DNS/NTP), and regionalizing traffic.
- Implement proactive baselining to whitelist trusted clients during non-attack periods.
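The report's point that distributed IP pools defeat IP-based controls, and its recommendation to combine fingerprinting with multi-dimensional rate limiting, can be seen in a small sketch. This is an added illustration, not EdgeOne's implementation or code from the report; the request records, fingerprint labels, limits, and function names are all constructed assumptions.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Counts events per key over the last `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def hit(self, key, ts):
        q = self.events[key]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # evict events older than the window
            q.popleft()
        return len(q) > self.limit  # True once the key exceeds its budget


def evaluate(requests, dimensions, window=10.0):
    """Return {dimension name: set of keys that exceeded that dimension's limit}."""
    limiters = {n: SlidingWindowLimiter(lim, window) for n, (_, lim) in dimensions.items()}
    flagged = {n: set() for n in dimensions}
    for req in sorted(requests, key=lambda r: r["ts"]):
        for name, (key_fn, _) in dimensions.items():
            key = key_fn(req)
            if limiters[name].hit(key, req["ts"]):
                flagged[name].add(key)
    return flagged


def sample_requests():
    """Constructed traffic: 40 IPs sharing one TLS fingerprint, plus 3 ordinary clients."""
    reqs = []
    for i in range(40):  # each distributed source sends only 2 requests
        for j in range(2):
            reqs.append({"ts": i * 0.2 + j * 4.0, "ip": f"198.51.100.{i + 1}",
                         "tls_fp": "fp-bot-A", "path": "/update.pkg"})
    for i, fp in enumerate(["fp-chrome", "fp-safari", "fp-firefox"]):
        for j in range(4):
            reqs.append({"ts": j * 2.0 + i * 0.5, "ip": f"203.0.113.{i + 1}",
                         "tls_fp": fp, "path": "/update.pkg"})
    return reqs


# Assumed limits per 10-second window; real values come from baselined traffic.
DIMENSIONS = {
    "per_ip": (lambda r: r["ip"], 5),
    "per_fingerprint_path": (lambda r: (r["tls_fp"], r["path"]), 20),
}

if __name__ == "__main__":
    print(evaluate(sample_requests(), DIMENSIONS))
```

No single IP crosses the per-IP limit, while the shared fingerprint on one path does. Because many legitimate clients also share a TLS fingerprint, the fingerprint limit has to be derived from a baseline of normal traffic rather than set as low as a per-IP limit.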
Conclusion: Building Resilience in a Hyperconnected Era
“Cybercriminals are weaponizing both scale and precision in 2024,” stated a Tencent Cloud Security spokesperson. “Organizations must prioritize adaptive defenses that blend AI-driven insights with global threat intelligence. EdgeOne exemplifies this approach, enabling businesses to neutralize evolving risks without compromising performance.”
As attacks grow more transnational and persistent, Tencent Cloud EdgeOne remains a cornerstone for enterprises seeking to safeguard their digital frontiers.