DDoS attacks surge 106%

Zayo Group has released its bi-annual Distributed Denial of Service (DDoS) Insights Report, which found the company observed a 106% increase in attack frequency from H2 2023. The report also found that an average DDoS attack now lasts 45 minutes—an 18% increase from this time last year—costing unprotected organizations approximately $270,000 per attack at an average rate of $6,000 per minute.

It takes very little time, expertise, or investment to run a DDoS attack, and with the AI boom, bot-based attacks have made it even easier to attack more often, in a more sustained manner, and with more requests per second. Beyond intensifying frequency and duration, AI is also driving the increased pervasiveness of DDoS attacks across many industries. In fact, for the first time in this report’s history, HR and staffing, legal and consulting, and transportation firms surfaced as victims of the top 10% of the largest DDoS attacks seen.

Tema Hassan, senior product manager at Zayo Europe, says, “Recent trends in Distributed Denial-of-Service (DDoS) attacks in Europe reveal a significant escalation in both frequency and sophistication. The number of attacks has surged, driven largely by geopolitical conflicts. This has led to an increase in attacks on critical sectors like financial services, telecommunications, and internet service providers, which are vital to national infrastructure.

“New attack techniques, such as those exploiting vulnerabilities in modern web protocols like HTTP/2, have emerged, adding complexity to the threat landscape. Traditional methods like DNS-based attacks also remain prevalent and have grown in scale. In response, countries within Europe are implementing stricter cybersecurity regulations to bolster defence mechanisms against these evolving threats.”

“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year." said Max Clauson, SVP of Network Connectivity at Zayo. "The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”

Key Findings by Industry:

Telecommunications companies are still the most-targeted industry, making up 57% of all attacks. Other familiar industries experiencing the most frequent attacks include education (19%), manufacturing (5%), and cloud/SaaS (5%).

Manufacturing has replaced retail as the industry facing the largest DDoS attacks, followed by healthcare (up 128.5% compared to H1 2023). Not only did this industry experience a 308% increase in attack duration from 2023 to 2024, these companies also suffered a 200% increase in DDoS attack size.

Government entities continued to be the victims of the longest duration attacks, with an average attack time of over six hours. This is up 41% from the H1 2023.

Why it Matters. For nearly 30 years, DDoS attacks have been effective and the introduction of AI to deploy and elevate these attacks is only allowing them to evolve, growing more powerful, subversive, and frequent. Every business must understand that it is a target, regardless of industry or size. The financial and reputational damage caused by DDoS attacks can be devastating, leading to significant revenue losses and long-term harm to brand trust. Additionally, the cost of mitigating attacks and restoring services is substantial, draining resources that could be better spent on growth and innovation. The only fighting chance businesses have is to implement a proper network protection strategy.