How have Network Layer DDoS attacks developed over the last decade?
Despite being one of the oldest types of cyberattacks, Distributed Denial of Service attacks still remain the most common cyber threat for organisations. Over the course of years, the attackers’ aim has not changed: to overwhelm and disrupt online services, rendering them inaccessible to legitimate users.
However, over the past decade, DDoS attacks have evolved significantly in terms of size and impact. We constantly hear reports of “record-breaking DDoS attacks”, and the frequency of this news seems to have increased within the last months.
In this article, we will have a critical look at the development of network layer DDoS attacks, and asses have the attacks actually increased, and in what way.
Measuring network layer DDoS attacks
To measure the scale and impact of network layer DDoS attacks, we typically use two metrics: packets per second (pps) and bits per second (bps).
Packets per second (pps) represent the number of individual packets sent to the target per second, regardless of their size. This metric is critical for network-layer attacks (Layers 3 and 4), where the attacker aims to overwhelm network infrastructure by exceeding its packet-processing capacity.
Bits per second (bps) measures the total data transferred per second. This metric is especially useful in evaluating network-layer attacks that aim to saturate the bandwidth of the target or its upstream provider.
Another relevant way of measuring a DDoS attack is requests per second (rps). This is a particularly relevant metric for application layer (L7) attacks. However, for the sake of focusing on network-layer attacks (L3 and L4), we will leave this metric out of scope in this article.
Exponential growth of L3 and L4 attacks
Over the last decade, DDoS attacks have grown exponentially in size. In terms of bits per second (bps), In the early 2010’s it was typical to measure large attacks in Gigabits per second (Gbps) scale. These days, significant attacks are reported in Terabits per second (Tbps). The change in measurement scale gives some indication of the change in volumes.
How about the largest reported attacks? The growth in attack sizes seems to be linear, but the frequency of record-breaking DDoS reports has certainly increased. In the chart below we have listed the publicly reported attacks, which gives an indication of the development, even though many attacks are likely going unreported and therefore not providing the full picture.
Some of the publicly available data from Google and Cloudlfare indicate the same direction of development. Historical data from Google reveals a rising trend in bits per second during DDoS attacks observed between 2010 and 2022. This increase highlights a significant escalation in attack volume across the decade.
Data from Cloudflare regarding large mitigated DDoS attacks observed in 2023 and 2024 shows a similar escalation. The rate of packets per second (pps) demonstrates a slight exponential growth over time, rising from 230 Mpps in 2015 to 2,100 Mpps in 2024. For bits per second (bps), the trend is also exponential and with a steeper upwards curve, building from a 309 Gbps attack in 2013 to a 5.6 Tbps (5,600 Gbps) attack in 2024.
As a conclusion, it is safe to say network layer attacks have seen significant increase. Based on publicly available data, over the last decade attacks driving these metrics have grown 10-20 fold: Bits per second increased by 20x between 2013 and 2024, and Packets per second increased by 10x between 2015 and 2024. Additionally, the devices used for DDoS attacks, the attack vectors, and the duration of attacks have also evolved over time. We will explore these aspects in more detail in subsequent blog posts, providing a deeper understanding of the changing landscape and how organisations can better protect themselves.
About FastNetMon
FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard.
Find out more: https://fastnetmon.com/