In 2023, 87% of DDoS attacks targeted devices running the Windows operating system

New data from the Nexusguard DDoS attack statistical trends report for 2024 reveals that bad actors are changing their DDoS tactics.

Computers and servers became the main target of attacks, accounting for 92% of DDoS attempts compared to just 68% the previous year.

The attacks are also becoming shorter and less frequent, but more powerful. While the overall number of attacks decreased by 55% in 2023, the volume of attacks increased by 233%.

The number of attacks lasting 90 minutes increased by 22%. This attack duration now accounts for 81% of all DDoS attacks, while the most sustained attacks lasting over 1,200 minutes have seen a sharp decline of 95%.

“The way cybercriminals operate is to cause maximum disruption with minimum effort,” says Donny Chong.

He adds: “Modern cybersecurity tools have become so advanced that bad actors are forced to look for opportunities to attack where the briefest disruption causes the most devastation. This is probably why we are seeing more and more high-profile DDoS attacks on governments and the public sector, where even short interruptions can have serious consequences.”

“Politically charged hacktivism is becoming an increasingly common motivation for many modern DDoS attacks. We expect this will make key services in areas such as the public sector, government and finance even more vulnerable, raising the importance of national security and global diplomacy.”

Application attacks have clearly shifted towards devices running the Windows operating system, which accounted for 87% of all DDoS targets in 2023 compared to just 15% the previous year. Computers and servers accounted for 92% of DDoS targets compared to 8% for mobile devices, a huge change from the previous year, when desktops/servers and mobile devices accounted for 32% and 68% respectively.

“Several reasons could explain this extreme change in target devices,” adds Chong.

“New vulnerabilities discovered in the Windows operating system or more sophisticated malware may have made it easier to compromise these systems. Botnets are also evolving, so attackers may want to leverage the more powerful computing resources provided by computers and servers to achieve more effective attacks.

“Never mind, no system is infallible. Real-world examples of DDoS attacks in 2023, such as the exploitation of Microsoft Exchange server vulnerabilities and the increase in ransom DDoS attacks, are a stark reminder of the tangible impacts of these attacks.”

Attackers continue to use techniques to launch massive attacks with limited resources. NTP amplification attacks remain the most important attack vector for achieving this, representing over a quarter (26%) of attacks. However, in 2023, the number of these attacks decreased by 17%, suggesting that improved network configurations and greater security awareness are mitigating their effects.

In a sign of adaptation on the part of bad actors, two other attack vectors are quickly gaining ground on NTP amplification:

  • HTTPS Flood, which is characterized by the subtlety of mimicking legitimate traffic, accounted for 21% of attacks in 2023, up from 12% in 2022.
  • DNS Amplification saw the most significant increase, accounting for 14% of attacks in 2023, up from just 2% in 2022. This rapid growth and its potential to cause large-scale disruptions highlight a significant vulnerability in global internet infrastructure.

More broadly, attack categories are changing. The fastest growing threat category in 2023 was application attacks (e.g. HTTP/HTTPS attacks by groups like Killnet), which increased by 79% year-over-year and accounted for 25% of DDoS attacks. This highlights the tenacity of hackers in adapting to today’s advanced cybersecurity tools.

Volumetric attacks (direct flooding) accounted for 24%, down 30% year-over-year, suggesting that network infrastructure is becoming better equipped to absorb high traffic, or that attackers are simply changing their strategies towards more sophisticated methods.

Finally, single-vector attacks dominate, making up 93% of DDoS attacks, again highlighting that bad actors are prioritizing techniques that are simpler to execute, require fewer resources, and require less expertise. These attacks effectively disrupt operations and services, blend more easily with legitimate traffic, and can quickly spread to broad targets.