45+ DDoS Attack Statistics: Key Data and Takeaways for 2025

The aim of a distributed denial of service (DDoS) attack is to overwhelm a network or server resources to force an interruption of work. Using malware causes the network’s systems to make hundreds of thousands, or even millions, of requests per second. The server fails to respond to each, triggering downtime. 

This downtime costs the organization millions of dollars in lost business opportunities. The money needed to recover from DDoS adds to the ongoing financial losses. Clever businesses adopt DDoS protection software to safeguard their networks. 

The statistics below explore the current state of DDoS. They talk about the magnitude of attacks, duration, costs, and other factors. 

General DDoS attack statistics

Below are some relevant statistics on DDoS attacks that showcase what’s new and yet to come with this kind of cyber attack.

• There were 1.7 million HTTP DDoS attacks, 1.5 million DNS DDoS attacks, and 1.3 million L3/4 DDoS attacks in Q1 2024.
• Data centers in the US ingested more than 40% of L3/4 DDoS attacks in Q1 2024. Germany remains the second largest source of similar attacks. Brazil, Singapore, Russia, South Korea, Hong Kong, United Kingdom, Netherlands, and Japan account for the third largest source of attacks.
• In Q1 2024, information technology and the internet were the most attacked industries in Africa and Europe, while marketing and advertising were the most attacked industries in North America.

• Botnets, which use over 15 million infected IP addresses globally, are standard tools for launching DDoS attacks. Though other variants exist, Mirai malware frequently creates these botnets. In 2024, a Mirai variant botnet was responsible for four out of every 100 HTTP DDoS attacks and two out of every 100 L3/4 DDoS attacks.
• DNS-based DDoS attacks grew to 54% in Q1 2024, 80% higher than the previous year. 
• Jenkins Flood, a DDoS attack vector, exploits vulnerabilities in Jenkins automation server software. It launched 826% more attacks QoQ in 2024. 
• Global cybercrime damage is predicted to hit $10.5 trillion annually by 2025
• Global spending on cybersecurity products and services will reach $1.75 trillion cumulatively from 2021 to 2025.

The rise of DDoS

Threat actors have grown smarter and sneakier. Modern hackers disguise DDoS attacks as genuine traffic, making them harder to detect. The stats below make it obvious they’re on the rise. 

Understanding their growth trajectory will help you respond in a way these bigger magnitude attacks would assume. 

• In Q1 2024, the rate of DDoS attacks escalated. HTTP DDoS attacks went up by 93% year over year, and network layer DDoS attacks went up by 28% year over year.
• The average attack size increased by 233.33% in 2024.
• A strategic shift is observed, such as in DDoS attacks, meaning malicious agents aim to launch more impactful assaults. The largest DDoS attack reached 700 Gbps, 30.92% more than in 2023.
• One out of every 10 HTTP DDoS attacks targeted the US, followed by China, Canada, Vietnam, Indonesia, Singapore, Hong Kong, Taiwan, Cyprus, and Germany.

• China experienced the most network-layer DDoS attacks, almost 39% of all DDoS attacks in Q1 2024. 
• In Q1 2024, ransom DDoS attacks decreased by 22% QoQ.
• HTTP DDoS attacks shot up by 51% in Q1 2024.
• Some say there are approximately 23,000 DDoS attacks every day globally. Others claim over 40,000.
• Application-layer DDoS attacks shot up by 5% from the previous quarter.
• In 2024, Poland experienced the most cyberattacks in the world.
• In Q3 2024, on average, 7% of users reported being subjected to a Ransom DDoS attack. However, in August 2024, that figure increased to 10% — one out of ten.

Cost of launching a DDoS attack vs. the cost of dealing with one

Launching a DDoS attack is incredibly cost-effective, but the financial losses of recovering from an attack are astronomical. The statistics below compare the financials of DDoS, both for attackers and target victims. 

• Attackers can rent online resources to launch attacks for just $5 per hour. It’s notoriously cheap for the attacker. 
• Online retailers and small businesses lose $ 8,000 to $74,000 for each hour of downtime. 

• Every minute of downtime during a DDoS attack costs $22,000.
• Small or midsize businesses might spend $120,000 to recover from an attack.

Notable DDoS attacks on companies

Some tech giants and reputable companies have suffered DDoS attacks despite having security measures set in place. Some were able to protect their assets, others were not. Continue reading to explore the magnitude of DDoS these companies faced in the recent past.

• When GitHub was attacked in February 2018, it peaked at 126.9 million packets per second. 
• In February 2020, an Amazon Web Services (AWS) customer encountered a vast DDoS attack that exploited a connectionless lightweight directory access protocol (CLDAP) server. The attack sent data to the victim's IP 50-70 times more than usual.
• In November 2021, a powerful DDoS attack targeted a Microsoft Azure client. The attack surged to 3.45 terabytes per second (Tbps) with a packet rate of 340 million packets per second. 

• Gaming and gambling remain the most affected industries, accounting for 49% of DDoS attacks. Technology, financial services, and telecommunications follow them. 
• In Q1 2024, gaming and gambling companies saw a 7.45% spike in application layer attacks from the previous quarter.
• An Asian hosting provider experienced a network layer DDoS attack in Q1 2024, which reached 2 Tbps, while many other attacks exceeded the 1 terabit per second rate WoW. 

DDoS attack size and duration statistics

DDoS attacks vary in size and duration, depending on the severity of the cyber attack. Some come in waves, making them harder to detect. Others might appear to stop, only to resume again. 

The duration of a DDoS attack also has a lot to do with an organization's security posture. Modern attacks grow more potent and lasting every day. Let’s look at the why and how behind it.

• Most DDoS attacks are brief, typically lasting under 10 minutes. However, the longest attack in H1 2024 lasted 16 hours.
• An average DDoS attack utilizes 5.17 gigabytes per second (Gbps). 
• DDoS attacks harness 3-5 nodes on diverse networks to attack a target victim. 
• Massive DDoS attacks can surpass 71 million requests per second. 

• Friday is the day of choice for DDoS attacks, with 15.36% of attacks happening on Fridays. Conversely, Thursday observed the lowest number of DDoS attacks (12.99%).
• The average duration of DDoS attacks was 68 minutes across industries in 2024.
• The healthcare industry experienced an average attack size of 1.8 Gbps, which is significant because of the Russian Killnet DDoS attack in 2023.

Fight back

DDoS attacks are ready and on the rise. The stats above indicate a growing threat for businesses and individuals, but we can protect ourselves with comprehensive cybersecurity measures. 

Conduct regular security audits and train your people on best security practices. Delve into your cybersecurity strategy for potential gaps and close them before they put a hole in your pocket. 

Learn more about how to stop the malicious traffic of a DDoS attack.