Omer Yoachimik

Author Archives: Omer Yoachimik

Introducing Cloudflare’s new Network Analytics dashboard

Introducing Cloudflare’s new Network Analytics dashboard
Introducing Cloudflare’s new Network Analytics dashboard

We’re pleased to introduce Cloudflare’s new and improved Network Analytics dashboard. It’s now available to Magic Transit and Spectrum customers on the Enterprise plan.

The dashboard provides network operators better visibility into traffic behavior, firewall events, and DDoS attacks as observed across Cloudflare’s global network. Some of the dashboard’s data points include:

  1. Top traffic and attack attributes
  2. Visibility into DDoS mitigations and Magic Firewall events
  3. Detailed packet samples including full packets headers and metadata
Introducing Cloudflare’s new Network Analytics dashboard
Network Analytics - Drill down by various dimensions
Introducing Cloudflare’s new Network Analytics dashboard
Network Analytics - View traffic by mitigation system

This dashboard was the outcome of a full refactoring of our network-layer data logging pipeline. The new data pipeline is decentralized and much more flexible than the previous one — making it more resilient, performant, and scalable for when we add new mitigation systems, introduce new sampling points, and roll out new services. A technical deep-dive blog is coming soon, so stay tuned.

In this blog post, we will demonstrate how the dashboard helps network operators:

  1. Understand their network better
  2. Respond to DDoS attacks faster
  3. Easily generate security reports for peers and managers

Understand your network better

One of the main responsibilities network operators bare is ensuring the operational stability Continue reading

DDoS threat report for 2023 Q1

DDoS threat report for 2023 Q1
DDoS threat report for 2023 Q1

Welcome to the first DDoS threat report of 2023. DDoS attacks, or distributed denial-of-service attacks, are a type of cyber attack that aim to overwhelm Internet services such as websites with more traffic than they can handle, in order to disrupt them and make them unavailable to legitimate users. In this report, we cover the latest insights and trends about the DDoS attack landscape as we observed across our global network.

Kicking off 2023 with a bang

Threat actors kicked off 2023 with a bang. The start of the year was characterized by a series of hacktivist campaigns against Western targets including banking, airports, healthcare and universities — mainly by the pro-Russian Telegram-organized groups Killnet and more recently by AnonymousSudan.

While Killnet-led and AnonymousSudan-led cyberattacks stole the spotlight, we haven’t witnessed any novel or exceedingly large attacks by them.

Hyper-volumetric attacks

We did see, however, an increase of hyper-volumetric DDoS attacks launched by other threat actors — with the largest one peaking above 71 million requests per second (rps) — exceeding Google’s previous world record of 46M rps by 55%.

Back to Killnet and AnonymousSudan, while no noteworthy attacks were reported, we shouldn't underestimate the potential risks. Unprotected Internet Continue reading

Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack

Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack

This was a weekend of record-breaking DDoS attacks. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.

The attacks were HTTP/2-based and targeted websites protected by Cloudflare. They originated from over 30,000 IP addresses. Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms. The attacks originated from numerous cloud providers, and we have been working with them to crack down on the botnet.

Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
Record breaking attack: DDoS attack exceeding 71 million requests per second

Over the past year, we’ve seen more attacks originate from cloud computing providers. For this reason, we will be providing service providers that own their own autonomous system a free Botnet threat feed. The feed will provide service providers threat intelligence about their own IP space; attacks originating from within their autonomous system. Service providers that operate their own IP space can now sign up to the Continue reading

Cyberattacks on Holocaust educational websites increased in 2022

Cyberattacks on Holocaust educational websites increased in 2022
Cyberattacks on Holocaust educational websites increased in 2022

Today we mark the International Holocaust Remembrance Day. We commemorate the victims that were robbed of their possessions, stripped of their rights, deported, starved, dehumanized and murdered by the Nazis and their accomplices. During the Holocaust and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Seventy eight years later, after the liberation of the infamous Auschwitz death camp, antisemitism still burns with hatred. According to a study performed by the Campaign Against Antisemitism organization on data provided by the UK Home Office, Jews are 500% more likely to be targeted by hate crime than any other faith group per capita.

Cyberattacks targeting Holocaust educational websites

From Cloudflare’s vantage point we can point to distressing findings as well. In 2021, cyberattacks on Holocaust educational websites doubled year over year. In 2021, one out of every 100 HTTP requests sent to Holocaust educational websites behind Cloudflare was part of an attack. In 2022, the share of those cyber attacks grew again by 49% YoY. Cyberattacks represented 1.6% of all Continue reading

Cloudflare DDoS threat report for 2022 Q4

Cloudflare DDoS threat report for 2022 Q4
Cloudflare DDoS threat report for 2022 Q4

Welcome to our DDoS Threat Report for the fourth and final quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.

In the last quarter of the year, as billions around the world celebrated holidays and events such as Thanksgiving, Christmas, Hanukkah, Black Friday, Singles’ Day, and New Year, DDoS attacks persisted and even increased in size, frequency, and sophistication whilst attempting to disrupt our way of life.

Cloudflare’s automated DDoS defenses stood firm and mitigated millions of attacks in the last quarter alone. We’ve taken all of those attacks, aggregated, analyzed, and prepared the bottom lines to help you better understand the threat landscape.

Global DDoS insights

In the last quarter of the year, despite a year-long decline, the amount of HTTP DDoS attack traffic still increased by 79% YoY. While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

  • Volumetric attacks surged; the number of attacks exceeding rates of 100 gigabits per second (Gbps) grew by Continue reading

Cloudflare DDoS threat report 2022 Q3

Cloudflare DDoS threat report 2022 Q3

This post is also available in Français, Español, Português, 한국어, 简体中文, 繁體中文, and 日本語.

Cloudflare DDoS threat report 2022 Q3

Welcome to our DDoS Threat Report for the third quarter of 2022. This report includes insights and trends about the DDoS threat landscape - as observed across Cloudflare’s global network.

Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1 Tbps. The largest attack was a 2.5 Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack we’ve ever seen from the bitrate perspective.

It was a multi-vector attack consisting of UDP and TCP floods. However, Wynncraft, a massively multiplayer online role-playing game Minecraft server where hundreds and thousands of users can play on the same server, didn’t even notice the attack, since Cloudflare filtered it out for them.

Cloudflare DDoS threat report 2022 Q3
The 2.5 Tbps DDoS attack that targeted Wynncraft — launched by Mirai

Overall this quarter, we've seen:

  • An increase in DDoS attacks compared to last year.
  • Longer-lasting volumetric attacks, a spike in attacks generated by the Mirai botnet and its variants.
  • Surges in attacks targeting Continue reading

Introducing Cloudflare’s free Botnet Threat Feed for service providers

Introducing Cloudflare’s free Botnet Threat Feed for service providers
Introducing Cloudflare’s free Botnet Threat Feed for service providers

We’re pleased to introduce Cloudflare’s free Botnet Threat Feed for Service Providers. This includes all types of service providers, ranging from hosting providers to ISPs and cloud compute providers.

This feed will give service providers threat intelligence on their own IP addresses that have participated in HTTP DDoS attacks as observed from the Cloudflare network — allowing them to crack down on abusers, take down botnet nodes, reduce their abuse-driven costs, and ultimately reduce the amount and force of DDoS attacks across the Internet. We’re giving away this feed for free as part of our mission to help build a better Internet.

Service providers that operate their own IP space can now sign up to the early access waiting list.

Cloudflare’s unique vantage point on DDoS attacks

Cloudflare provides services to millions of customers ranging from small businesses and individual developers to large enterprises, including 29% of Fortune 1000 companies. Today, about 20% of websites rely directly on Cloudflare’s services. This gives us a unique vantage point on tremendous amounts of DDoS attacks that target our customers.

DDoS attacks, by definition, are distributed. They originate from botnets of many sources — in some cases, from hundreds of thousands to millions Continue reading

Introducing Advanced DDoS Alerts

Introducing Advanced DDoS Alerts
Introducing Advanced DDoS Alerts

We’re pleased to introduce Advanced DDoS Alerts. Advanced DDoS Alerts are customizable and provide users the flexibility they need when managing many Internet properties. Users can easily define which alerts they want to receive — for which DDoS attack sizes, protocols and for which Internet properties.

This release includes two types of Advanced DDoS Alerts:

  1. Advanced HTTP DDoS Attack Alerts - Available to WAF/CDN customers on the Enterprise plan, who have also subscribed to the Advanced DDoS Protection service.
  2. Advanced L3/4 DDoS Attack Alerts - Available to Magic Transit and Spectrum BYOIP customers on the Enterprise plan.

Standard DDoS Alerts are available to customers on all plans, including the Free plan. Advanced DDoS Alerts are part of Cloudflare’s Advanced DDoS service.

Why alerts?

Distributed Denial of Service attacks are cyber attacks that aim to take down your Internet properties and make them unavailable for your users. As early as 2017, Cloudflare pioneered the Unmetered DDoS Protection to provide all customers with DDoS protection, without limits, to ensure that their Internet properties remain available. We’re able to provide this level of commitment to our customers thanks to our automated DDoS protection systems. But if the systems operate automatically, why even be Continue reading

Introducing Cloudflare Adaptive DDoS Protection – our new traffic profiling system for mitigating DDoS attacks

Introducing Cloudflare Adaptive DDoS Protection - our new traffic profiling system for mitigating DDoS attacks
Introducing Cloudflare Adaptive DDoS Protection - our new traffic profiling system for mitigating DDoS attacks

Every Internet property is unique, with its own traffic behaviors and patterns. For example, a website may only expect user traffic from certain geographies, and a network might only expect to see a limited set of protocols.

Understanding that the traffic patterns of each Internet property are unique is what led us to develop the Adaptive DDoS Protection system. Adaptive DDoS Protection joins our existing suite of automated DDoS defenses and takes it to the next level. The new system learns your unique traffic patterns and adapts to protect against sophisticated DDoS attacks.

Adaptive DDoS Protection is now generally available to Enterprise customers:

  • HTTP Adaptive DDoS Protection - available to WAF/CDN customers on the Enterprise plan, who have also subscribed to the Advanced DDoS Protection service.
  • L3/4 Adaptive DDoS Protection - available to Magic Transit and Spectrum customers on an Enterprise plan.

Adaptive DDoS Protection learns your traffic patterns

The Adaptive DDoS Protection system creates a traffic profile by looking at a customer’s maximal rates of traffic every day, for the past seven days. The profiles are recalculated every day using the past seven-day history. We then store the maximal traffic rates seen for every predefined dimension value. Every profile Continue reading

Mantis – the most powerful botnet to date

Mantis - the most powerful botnet to date
Mantis - the most powerful botnet to date

In June 2022, we reported on the largest HTTPS DDoS attack that we’ve ever mitigated — a 26 million request per second attack - the largest attack on record. Our systems automatically detected and mitigated this attack and many more. Since then, we have been tracking this botnet, which we’ve called “Mantis”, and the attacks it has launched against almost a thousand Cloudflare customers.

Cloudflare WAF/CDN customers are protected against HTTP DDoS attacks including Mantis attacks. Please refer to the bottom of this blog for additional guidance on how to best protect your Internet properties against DDoS attacks.

Have you met Mantis?

We named the botnet that launched the 26M rps (requests per second) DDoS attack "Mantis" as it is also like the Mantis shrimp, small but very powerful. Mantis shrimps, also known as “thumb-splitters”, are very small; less than 10 cm in length, but their claws are so powerful that they can generate a shock wave with a force of 1,500 Newtons at speeds of 83 km/h from a standing start. Similarly, the Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force — responsible for the largest Continue reading

Introducing Location-Aware DDoS Protection

Introducing Location-Aware DDoS Protection
Introducing Location-Aware DDoS Protection

We’re thrilled to introduce Cloudflare’s Location-Aware DDoS Protection.

Distributed Denial of Service (DDoS) attacks are cyber attacks that aim to make your Internet property unavailable by flooding it with more traffic than it can handle. For this reason, attackers usually aim to generate as much attack traffic as they can — from as many locations as they can. With Location-Aware DDoS Protection, we take this distributed characteristic of the attack, that is thought of being advantageous for the attacker, and turn it on its back — making it into a disadvantage.

Location-Aware DDoS Protection is now available in beta for Cloudflare Enterprise customers that are subscribed to the Advanced DDoS service.

Introducing Location-Aware DDoS Protection

Distributed attacks lose their edge

Cloudflare’s Location-Aware DDoS Protection takes the attacker’s advantage and uses it against them. By learning where your traffic comes from, the system becomes location-aware and constantly asks “Does it make sense for your website?” when seeing new traffic.

For example, if you operate an e-commerce website that mostly serves the German consumer, then most of your traffic would most likely originate from within Germany, some from neighboring European countries, and a decreasing amount as we expand globally to other countries and geographies. If Continue reading

DDoS attack trends for 2022 Q2

DDoS attack trends for 2022 Q2
DDoS attack trends for 2022 Q2

Welcome to our 2022 Q2 DDoS report. This report includes insights and trends about the DDoS threat landscape — as observed across the global Cloudflare network. An interactive version of this report is also available on Radar.

In Q2, we’ve seen some of the largest attacks the world has ever seen including a 26 million request per second HTTPS DDoS attacks that Cloudflare automatically detected and mitigated. Furthermore, attacks against Ukraine and Russia continue, whilst a new Ransom DDoS attack campaign emerged.

The Highlights

Ukrainian and Russian Internet

  • The war on the ground is accompanied by attacks targeting the spread of information.
  • Broadcast Media companies in the Ukraine were the most targeted in Q2 by DDoS attacks. In fact, all the top five most attacked industries are all in online/Internet media, publishing, and broadcasting.
  • In Russia on the other hand, Online Media drops as the most attacked industry to the third place. Making their way to the top, Banking, Financial Services and Insurance (BFSI) companies in Russia were the most targeted in Q2; almost 45% of all application-layer DDoS attacks targeted the BFSI sector. Cryptocurrency companies in Russia were the second most attacked.

Read more about what Cloudflare is doing Continue reading

Tendências de ataques DDoS no segundo trimestre de 2022

Tendências de ataques DDoS no segundo trimestre de 2022
Tendências de ataques DDoS no segundo trimestre de 2022

Bem-vindo ao nosso relatório de DDoS do segundo trimestre de 2022. Este relatório inclui informações e tendências sobre o cenário de ameaças DDoS — conforme observado em toda a Rede global da Cloudflare. Uma versão interativa deste relatório também está disponível no Radar.

No segundo trimestre deste ano, aconteceram os maiores ataques da história, incluindo um ataque DDoS por HTTPS de 26 milhões de solicitações por segundo que a Cloudflare detectou e mitigou de forma automática. Além disso, os ataques contra a Ucrânia e a Rússia continuam, ao mesmo tempo em que surgiu uma campanha de ataques DDoS com pedido de resgate.


Internet na Ucrânia e na Rússia

  • A guerra no terreno é acompanhada por ataques direcionados à distribuição de informações.
  • Empresas de mídia de radiodifusão na Ucrânia foram as mais visadas por ataques DDoS no segundo trimestre. Na verdade, todos os seis principais setores vitimados estão na mídia on-line/internet, publicações e radiodifusão.
  • Por outro lado, na Rússia, a mídia on-line deixou de ser o setor mais atacado e caiu para o terceiro lugar. No topo, estão empresas como bancos, serviços financeiros e seguros (BFSI, na sigla em inglês) do país, que foram as mais visadas no segundo trimestre; Continue reading




毎秒2600万件のリクエストのHTTPS DDoS攻撃をCloudflareが自動的に検出して軽減するなど、第2四半期には、これまでにない大規模な攻撃が発生しています。さらに、ウクライナとロシアに対する攻撃は続いており、新しいランサムDDoS攻撃キャンペーンも出現しています。



  • 地上での戦争は、情報の拡散を狙った攻撃を伴います。
  • 第2四半期に主なDDoS攻撃の標的となったのは、ウクライナの放送メディア企業でした。実際、最も攻撃されている上位6業種は、すべてオンライン/インターネットメディア、出版、放送のものです。
  • 一方、ロシアでは、オンラインメディアが最も攻撃されている業界として第3位に転落しました。トップに向かって進んでいる企業であるため、第2四半期に最も標的とされたのは、ロシアの銀行、金融サービス、保険(BFSI)企業で、アプリケーション層DDoS攻撃全体の約50%がBFSIセクターを標的としていました。ロシアの暗号通貨関連企業は2番目に最も攻撃されました。



  • Fancy Lazarusを名乗るエンティティによるランサムDDoS攻撃の新たな波が来ています。
  • 2022年6月にはランサム攻撃がピークに達し、これまでの1年間で最高となりました。DDoS攻撃を経験した調査回答者の5人に1人が、ランサムDDoS攻撃などの脅威を受けたと回答しています。
  • 第2四半期全体では、ランサムDDoS攻撃の割合が前四半期比で11%増となりました。


  • 2022年第2四半期、アプリケーション層DDoS攻撃は前年比で44%増となりました。
  • 米国の組織が最も狙われ、次いでキプロス、香港、中国と続きます。キプロスにおける組織への攻撃は前四半期比で171%増となりました。
  • 第2四半期に最も標的にされたのは航空・宇宙業界、次いでインターネット業界、銀行・金融サービスおよび保険、そして4位はゲーミング/ギャンブルとなっています。


  • 2022年第2四半期、ネットワーク層DDoS攻撃は前年比で75%増となりました。100Gbps以上の攻撃は前四半期比で19%増、3時間以上継続する攻撃は前四半期比で9%増となりました。
  • 攻撃された上位の業種は、電気通信、ゲーミング/ギャンブル、情報技術およびサービス業界でした。
  • 米国の組織が最も標的にされ、次いでシンガポール、ドイツ、中国と続いています。

本レポートは、CloudflareのDDoS Protectionシステムによって自動的に検知・軽減されたDDoS攻撃に基づいています。この仕組みの詳細については、詳しく書かれたこちらのブログ記事をご覧ください。






第2四半期に脅威や身代金要求メッセージがあったという回答は、前四半期比、前年比ともに11%増となりました。当四半期は、高度で継続的な脅威(APT)グループ、「Fancy Lazarus」を名乗るエンティティが仕掛けたランサムDDoS攻撃を軽減しています。金融機関や暗号通貨企業などを中心にキャンペーンを展開しています。  





アプリケーション層DDoS攻撃(具体的にはHTTP DDoS攻撃)は通常、正当なユーザーリクエストを処理できないようにしてWebサーバーを停止させることを目的とします。処理能力を超えるリクエストが殺到すると、サーバーは正当なリクエストをドロップするか、場合によってはクラッシュし、その結果、正当なユーザーに対するパフォーマンスの低下や障害がに繋がります。




















HTTP DDoS攻撃の主な発生源として、第2四半期連続で米国がトップとなりました。米国に続く2位は中国、3位と4位はインドとドイツです。米国が1位を維持しているにもかかわらず、米国発の攻撃が前四半期比で43%減少した一方で、中国からの攻撃が112%、インドからの攻撃が89%、ドイツからの攻撃が50%と、他の地域からの攻撃は増加しています。



どの国が最もHTTP DDoS攻撃の標的になっているかを特定するため、お客様の請求先国別にDDoS攻撃を分類し、全DDoS攻撃に対する割合で表現しています。

米国を拠点とする国へのHTTP DDoS攻撃は前四半期比で45%増となり、アプリケーション層DDoS攻撃の主な標的として米国が1位に返り咲きました。中国企業への攻撃は前四半期比で79%減となり、1位から4位に下がりました。キプロスへの攻撃は171%増加し、第2四半期に最も攻撃された国第2位となりました。キプロスに続いて、香港、中国、ポーランドが続いています。




























第2四半期において、ネットワーク層に対する全攻撃の56%は、SYNフラッド でした。SYNフラッドは、依然として最も一般的な攻撃ベクトルです。この攻撃は、ステートフルなTCPハンドシェイクの最初の接続リクエストを悪用します。この最初の接続リクエストの間、サーバーは新しいTCP接続に関するコンテキストを持たず、適切な保護がなければ、最初の接続リクエストのフラッドを軽減することが困難であることが分かるかもしれません。このため、攻撃者は保護されていないサーバーのリソースを容易に消費することができます。






第2四半期には、Character Generatorプロトコル(CHARGEN)を悪用した増幅攻撃、露出したUbiquitiデバイスのトラフィックを反映した増幅攻撃、悪名高いMemcached攻撃が新たな脅威の上位にランクインしています。




RFC 864(1983)で最初に定義されたCharacter Generator(CHARGEN)プロトコルは、インターネットプロトコルスイートのサービスで、その名の通り、文字を任意に生成し、クライアントが接続を閉じるまでクライアントへの送信を停止しません。その当初の目的は、テストとデバッグでした。しかし、増幅/リフレクション攻撃を生成するために非常に簡単に悪用される可能性があるため、めったに使用されません。


Ubiquiti Discoveryプロトコルを不正利用した増幅攻撃


Ubiquitiは、米国に拠点を置く企業で、消費者や企業向けにInternet of Things(IoT)デバイスを提供しています。Ubiquitiのデバイスは、UDP/TCPポート10001のUbiquiti Discoveryプロトコルを使用してネットワーク上で見つけることができます。



第2四半期には、Memcached DDoS攻撃は前四半期比で281%増となりました。




L3/4 DDoS攻撃の規模の測定には、さまざまな方法があります。1つは送信するトラフィックの量で、ビットレート(具体的にはテラビット/秒またはギガビット/秒)を使用して測定するものです。もう1つは送信するパケットの数で、パケットレート(具体的には、何百万パケット/秒)を使用して測定するものです。





攻撃規模の変化を見ると、50 kppsを超えるパケット集中型の攻撃が第2四半期に減少し、その結果、小規模な攻撃が4%増加したことがわかります。


















まだCloudflareをお使いでない方は、当社のFreeまたはProプランを使用したWebサイトの保護を今すぐ始めるか、Magic Transitを使用したネットワーク全体の包括的なDDos攻撃対策に関してお問い合わせください。

2022 年第二季度 DDoS 攻击趋势

2022 年第二季度 DDoS 攻击趋势
2022 年第二季度 DDoS 攻击趋势

欢迎阅读我们的 2022 年第二季度 DDoS 攻击报告。本报告介绍有关 DDoS 威胁格局的洞察和趋势——反映了在 Cloudflare 全球网络中观察到的情况。本报告的交互式版本可在 Radar 上查看。

第二季度期间,我们观察到一些全球规模最大的攻击,包括一次 每秒 2600 万次请求的 HTTPS DDoS 攻击,这些攻击均被 Cloudflare 自动检测并缓解。此外,针对乌克兰和俄罗斯的攻击继续,并出现了一场新的勒索 DDoS 攻击活动。



  • 地面战斗伴随着针对信息传播的攻击。
  • 乌克兰的广播媒体公司是第二季度 DDoS 攻击的最主要目标。事实上,受攻击最多的前六个行业均来自在线/互联网媒体、出版和广播。
  • 另一方面,在俄罗斯,在线媒体作为受攻击最多的行业排名下降到第三位。俄罗斯的银行、金融服务和保险(BFSI)公司在第二季度成为最主要的攻击目标;几乎 50% 的应用层 DDoS 攻击均针对 BFSI 领域。俄罗斯的加密货币公司成为攻击的第二大目标。

进一步了解 Cloudflare 如何使开放互联网正常流入俄罗斯,并阻止攻击出境

勒索 DDoS 攻击

  • 我们观察到一波新的勒索 DDoS 攻击,由声称是 Fancy Lazarus 的组织发动。
  • 2022 年 6 月,勒索攻击达到今年以来的最高水平:每 5 个经历过 DDoS 攻击的受访者中就有一个报称遭到勒索 DDoS 攻击或其他威胁。
  • 总体而言,第二季度期间,勒索 DDoS 攻击的比例环比上升了 11%。

应用层 DDoS 攻击

  • 2022 年第二季度期间,应用层 DDoS 攻击环比增长 44%。
  • 美国的组织受到最多攻击,其次是塞浦路斯、中国香港和中国内地。针对塞浦路斯境内组织的攻击环比增长 171%。
  • 航空航天行业是第二季度受到最多攻击的行业,其次是互联网行业,银行、金融服务和保险,以及第四位的博彩行业。

网络层 DDoS 攻击

  • 2022 年第二季度期间,网络层 DDoS 攻击环比增长 75%。100 Gbps 及更大的攻击增长19%,持续 3 小时以上的攻击环比增长 9%。
  • 受到最多攻击的行业为电信,游戏/博彩,信息技术和服务行业。
  • 受到最多攻击的是位于美国的组织,其次是新加坡、德国和中国内地。

本报告基于 Cloudflare DDoS 防护系统自动检测并缓解的 DDoS 攻击。如需进一步了解其工作原理,请查看这篇深入剖析的博客文章

简要说明一下我们如何测量在我们网络上观察到的 DDoS 攻击。

为分析攻击趋势,我们计算 “DDoS 活动”率,即攻击流量占我们全球网络上观察到的总流量(攻击+干净)、或在特定地点、或特定类别(如行业或账单国家)流量中的百分比。通过测量百分比,我们能够对数据点进行标准化,并避免绝对数字所反映出来的偏差。例如,如果某个 Cloudflare 数据中心接收到更多流量,则其也可能受到更多攻击。


我们的系统持续分析流量,并在检测到 DDoS 攻击时自动应用缓解措施。每个遭受 DDoS 攻击的客户都会收到自动调查的提示,以帮助我们更好地了解攻击的性质和缓解是否成功。

两年多来,Cloudflare 一直对受到攻击的客户进行调查,其中一个问题是客户是否收到勒索信,要求其支付赎金来换取停止 DDoS 攻击。

第二季度期间,报称收到威胁或勒索信的受访者数量较上一季度和去年同期分别增加 11%。本季度期间,我们缓解了多次勒索 DDoS 攻击,发动者声称是高级持续性威胁(APT)组织 “Fancy Lazarus”。这些攻击活动的主要目标是金融机构和加密货币公司。  

2022 年第二季度 DDoS 攻击趋势
报告遭受勒索 DDoS 攻击或在攻击前收到威胁的受访者所占百分比。

第二季度的详细数据显示, 6 月期间,有五分之一的受访者报称遭到一次勒索 DDoS 攻击或威胁——为 2022 年比例最高的月份,也是 2021 年 12 月以来的最高水平。

2022 年第二季度 DDoS 攻击趋势

应用层 DDoS 攻击

应用层 DDoS 攻击,特别是 HTTP DDoS 攻击,旨在通过使 HTTP 服务器无法处理合法用户请求来造成破坏。如果服务器收到的请求数量超过其处理能力,服务器将丢弃合法请求甚至崩溃,导致对合法用户的服务性能下降或中断。

2022 年第二季度 DDoS 攻击趋势

应用层 DDoS 攻击月度分布

第二季度,应用层 DDoS 攻击环比增长 44%。

总体而言,应用层 DDoS 攻击同比增长 44%,但环比减少 16%。5 月是该季度期间攻击最活跃的月份。近 47% 的应用层 DDoS 攻击发生在 5 月,而 6 月的攻击最少(18%)。

2022 年第二季度 DDoS 攻击趋势

应用层 DDoS 攻击:行业分布

对航空航天行业发动的攻击环比增长 256%。


2022 年第二季度 DDoS 攻击趋势



随着乌克兰的战事在海陆空继续,网络空间的对抗也在继续。以乌克兰公司为目标的实体似乎在试图掩盖信息。在乌克兰,受到攻击最多的六大行业均在广播、互联网、在线媒体和出版领域——占乌克兰所遭受 DDoS 攻击总数的接近 80%。

2022 年第二季度 DDoS 攻击趋势

在战争的另一方,俄罗斯银行、金融机构和保险行业(BFSI)公司受到最多攻击。接近一半的 DDoS 攻击以 BFSI 领域为目标。第二大目标是加密货币行业,其次为在线媒体。

2022 年第二季度 DDoS 攻击趋势


应用层 DDoS 攻击:来源国家/地区分布

第二季度,源于中国的攻击增长112%,而来自美国的攻击减少 43%。

为了解 HTTP 攻击的来源,我们查看产生攻击的 HTTP Continue reading

2022 年第二季度 DDoS 攻擊趨勢

2022 年第二季度 DDoS 攻擊趨勢
2022 年第二季度 DDoS 攻擊趨勢

歡迎閱讀我們的 2022 年第二季 DDoS 報告。本報告包括有關 DDoS 威脅情勢的深入解析與趨勢,這些資訊從全球 Cloudflare 網路中觀察所得。Radar 上也會提供本報告的互動版本。

第二季度,我們看到了有史以來最大的一些攻擊,包括 Cloudflare 自動偵測並緩解的每秒 2600 萬個請求的 HTTPS DDoS 攻擊。此外,針對烏克蘭和俄羅斯的攻擊仍在繼續,而新的 DDoS 勒索攻擊活動又出現了。



  • 地面戰爭伴隨著針對資訊傳播的攻擊。
  • 烏克蘭的廣播媒體公司成為第二季度 DDoS 攻擊的最大目標。事實上,前六大最受攻擊的產業均為網路/網際網路媒體、出版業和廣播業。
  • 另一方面,在俄羅斯,網路媒體曾經是遭受攻擊最多的產業,如今下降到第三位。第二季度,俄羅斯的銀行、金融服務及保險業 (BFSI) 公司成為遭受攻擊最多的公司,躍居首位;BFSI 產業成為幾乎 50% 的應用程式層 DDoS 攻擊的目標。俄羅斯的加密貨幣公司是遭受攻擊第二多的公司。

更一步瞭解 Cloudflare 如何讓開放式網際網路流量流入俄羅斯,同時避免向外展開攻擊

DDoS 勒索攻擊

  • 我們觀察到新一波 DDoS 勒索攻擊,由自稱 Fancy Lazarus 的實體發出。
  • 2022 年 6 月,勒索攻擊達到今年以來的最高水準:每五名經歷過 DDoS 攻擊的問卷調查受訪者中,就有一人報告受到 DDoS 勒索攻擊或其他威脅。
  • 整體來說,第二季度 DDoS 勒索攻擊環比增長 11%。

應用程式層 DDoS 攻擊

  • 2022 年第二季度,應用程式層 DDoS 攻擊同比增長 44%。
  • 位於美國的組織是此類攻擊的主要目標,其次是賽普勒斯、香港和中國。針對賽普勒斯組織的攻擊數環比增長 171%。
  • 第二季度,航空和太空產業遭受此類攻擊最多,其次是網際網路產業、銀行業、金融服務業及保險業,而遊戲/博彩業則位居第四。

網路層 DDoS 攻擊

  • 2022 年第二季度,網路層 DDoS 攻擊數同比增長 75%。100 Gbps 及以上的攻擊數環比增長 19%,持續 3 小時以上的攻擊數環比增長 9%。
  • 遭受此類攻擊最多的產業分別是電信業、遊戲/博彩以及資訊技術和服務業。
  • 美國的組織是此類攻擊的主要目標,其次是新加坡、德國和中國。

本報告基於 Cloudflare 的 DDoS 防護系統自動偵測和緩解的 DDoS 攻擊數。如需深入瞭解該系統的運作方式,請查看此深度剖析部落格貼文

有關我們如何衡量在網路中觀察到的 DDoS 攻擊的說明

為分析攻擊趨勢,我們會計算「DDoS 活動」率,即攻擊流量在我們的全球網路中、特定位置或特定類別(如行業或帳單國家/地區)觀察到的總流量(攻擊流量+潔淨流量)中所佔的百分比。透過衡量這些百分比,我們能夠標準化資料點並避免以絕對數字反映而出現的偏頗,例如,某個 Cloudflare 資料中心接收到更多的總流量,因而發現更多攻擊。


我們的系統會持續分析流量,並在偵測到 DDoS 攻擊時自動套用緩解措施。每個受到 DDoS 攻擊的客戶都會收到提示,請求參與一個自動化調查,以幫助我們更好地瞭解該攻擊的性質以及緩解措施的成功率。

兩年多以來,Cloudflare 一直在對受到攻擊的客戶進行調查,調查中的一個問題是,他們是否收到威脅或勒索信,要求付款以換得停止 DDoS 攻擊。

第二季度報告威脅或勒索信的受訪者數量環比和同比增長 11%。在本季度,我們一直在緩解 DDoS 勒索攻擊,這些攻擊由自稱是進階持續威脅 (APT) 組織「Fancy Lazarus」的實體發起的。金融機構和加密貨幣公司成為這起活動的主要目標。  

2022 年第二季度 DDoS 攻擊趨勢
報告受到 DDoS 勒索攻擊或在攻擊前收到威脅的受訪者百分比。

深入探究第二季度,我們可以看到,在 6 月份,每五名受訪者中就有一人報告收到 DDoS 勒索攻擊或威脅 — 這既是 2022 年報告數量最多的月份,也是自 2021 年 12 月以來報告數量最多的月份。

2022 年第二季度 DDoS 攻擊趨勢

應用程式層 DDoS 攻擊

應用程式層 DDoS 攻擊,特別是 HTTP DDoS 攻擊,旨在通過使 HTTP 伺服器無法處理合法用戶請求來破壞它。如果伺服器收到的請求數量超過其處理能力,伺服器將丟棄合法請求甚至崩潰,導致對合法使用者的服務效能下降或中斷。

2022 年第二季度 DDoS 攻擊趨勢

應用程式層 DDoS 攻擊:月份分佈

第二季度,應用程式層 DDoS 攻擊數同比增長 44%。

整體來說,在第二季度,應用程式層 DDoS 攻擊數量同比增長 44%,但環比下降 16%。5 月是本季度最繁忙的月份。幾乎 47% 的應用程式層 DDoS 攻擊都發生在 5 月,而 6 月發生的攻擊數最少 (18%)。

2022 年第二季度 DDoS 攻擊趨勢

應用程式層 DDoS 攻擊:行業分佈

針對航空和太空業的攻擊數環比增長 256%。

第二季度,航空和太空是遭受應用程式層 DDoS 攻擊最多的產業。銀行、金融機構和保險業 (BFSI) 緊隨其後,而遊戲/博彩業則位居第三。

2022 年第二季度 DDoS 攻擊趨勢



隨著烏克蘭地面、空中和水面戰爭的繼續,網路空間的戰爭也在繼續。將烏克蘭公司作為攻擊目標的實體似乎在試圖掩蓋資訊。烏克蘭遭受攻擊最多的前六大產業均為廣播、網際網路、網路媒體和出版業 — 這幾乎占所有針對烏克蘭的 DDoS 攻擊的 80%。

2022 年第二季度 DDoS 攻擊趨勢

而戰爭的另一方,俄羅斯的銀行、金融機構和保險 (BFSI) 公司受到的攻擊最多。幾乎 50% 的 DDoS 攻擊的目標都是 BFSI Continue reading

2022년 2분기 DDoS 공격 동향

2022년 2분기 DDoS 공격 동향
2022년 2분기 DDoS 공격 동향

2022년 2분기 DDoS 보고서에 오신 것을 환영합니다. 이 보고서에는 Cloudflare 네트워크 전반에서 관찰된 DDoS 위협 환경에 대한 인사이트와 동향이 담겨있습니다. 이 보고서의 인터랙티브 버전을 Radar에서도 이용할 수 있습니다.

2분기에 우리는 Cloudflare에서 자동으로 감지하고 대처한 초당 2,600만 회의 요청이 이루어진 HTTPS DDoS 공격을 포함하여 사상 최대 규모의 공격을 경험했습니다. 또한, 우크라이나와 러시아에 대한 공격은 지속되고 있으며, 새로운 랜섬 DDoS 공격이 등장하였습니다.

주요 특징

우크라이나와 러시아에서의 인터넷

  • 지상에서의 전쟁은 정보 전파를 겨냥하는 공격과 함께 이루어집니다.
  • 2분기에 가장 많은 DDoS 공격이 이루어진 대상은 우크라이나의 방송매체 회사들이었습니다. 실제로, 가장 많은 공격을 받은 상위 6개 산업은 모두 온라인/인터넷 매체, 출판, 방송 분야에 속했습니다.
  • 반면, 러시아의 경우 온라인 매체는 가장 많은 공격을 받은 산업 순위에서 3위로 처집니다. 온라인 매체보다 순위가 높은 산업을 보면 러시아의 은행, 금융 서비스 및 보험(BFSI) 회사들이 2분기에 공격을 가장 많이 받았고, 전체 응용 프로그램 계층 DDoS 공격의 거의 50%가 BFSI 분야를 대상으로 했습니다. 두 번째로 공격을 많이 받은 것은 암호화폐 회사들이었습니다.

개방형 인터넷이 러시아로 계속 유입되도록 하고 공격이 외부로 유출되지 않도록 차단하기 위해 Cloudflare에서 어떤 일을 하는지 자세히 읽어보세요.

랜섬 DDoS 공격

  • 우리는 팬시 라자러스(Fancy Lazarus)라고 자칭하는 공격자들에 의한 랜섬 DDoS 공격이 급증하는 것을 목격했습니다.
  • 2022년 6월에는 랜섬 공격 건수가 올해 들어 최고 수준으로 늘어났습니다. DDoS 공격을 경험한 Continue reading

Tendances en matière d’attaques DDoS au deuxième trimestre 2022

Tendances en matière d'attaques DDoS au deuxième trimestre 2022
Tendances en matière d'attaques DDoS au deuxième trimestre 2022

Bienvenue dans notre rapport consacré aux attaques DDoS survenues lors du deuxième trimestre 2022. Ce document présente des tendances et des statistiques relatives au panorama des menaces DDoS, telles qu'observées sur le réseau mondial de Cloudflare. Une version interactive de ce rapport est également disponible sur Radar.

Au cours du deuxième trimestre, nous avons observé certaines des plus vastes attaques jamais enregistrées, notamment une attaque DDoS HTTPS de 26 millions de requêtes par seconde, automatiquement détectée et atténuée par nos soins. Nous avons également constaté la poursuite des attaques contre l'Ukraine et la Russie, de même que l'émergence d'une nouvelle campagne d'attaques DDoS avec demande de rançon.

Points clés

Le réseau Internet russe et ukrainien

  • La guerre au sol s'accompagne d'attaques ciblant la diffusion des informations.
  • Les entreprises du secteur audiovisuel ukrainien ont été les plus visées par les attaques DDoS au deuxième trimestre. Pour tout dire, les six secteurs les plus attaqués se situent tous dans le domaine des médias en ligne/Internet, de la publication et de l'audiovisuel.
  • À l'inverse, en Russie, les médias en ligne reculent de secteur le plus attaqué à la troisième place. Les entreprises du secteur de la banque, des assurances et des Continue reading

Entwicklung der DDoS-Bedrohungslandschaft im zweiten Quartal 2022

Entwicklung der DDoS-Bedrohungslandschaft im zweiten Quartal 2022
Entwicklung der DDoS-Bedrohungslandschaft im zweiten Quartal 2022

Willkommen zu unserem DDoS-Bericht für das zweite Quartal 2022. Darin beschreiben wir Trends hinsichtlich der DDoS-Bedrohungslandschaft, die sich im globalen Cloudflare-Netzwerk beobachten ließen, und die von uns daraus gezogenen Schlüsse. Eine interaktive Version dieses Berichts ist auch bei Radar verfügbar.

Im zweiten Quartal haben wir einige der größten Angriffen aller Zeiten registriert, darunter eine HTTPS-DDoS-Attacke mit 26 Millionen Anfragen pro Sekunde, die von Cloudflare automatisch erkannt und abgewehrt wurde. Neben fortgesetzten Angriffen auf die Ukraine und Russland hat sich zudem eine neue Ransom-DDoS-Angriffskampagne entwickelt.

Die wichtigsten Erkenntnisse auf einen Blick

Das Internet in Russland und der Ukraine

  • Der Krieg wird nicht nur physisch, sondern auch in der digitalen Welt ausgefochten. Dort zielen die Angriffe darauf ab, die Verbreitung von Informationen zu verhindern.
  • In der Ukraine waren im zweiten Quartal Rundfunk- und Medienunternehmen das häufigste Ziel von DDoS-Angriffen. Tatsächlich sind die sechs am stärkten betroffenen Branchen alle den Bereichen Online-/Internetmedien, Verlagswesen und Rundfunk zuzurechnen.
  • Demgegenüber sind in Russland die Online-Medien unter den Angriffszielen auf den dritten Platz zurückgefallen. Spitzenreiter war das Segment Banken, Finanzdienstleistungen und Versicherungen (Banking, Financial Services and Insurance – BFSI). Fast 50 % aller DDoS-Angriffe auf Anwendungsschicht richteten sich gegen diese Sparte. Am zweithäufigsten wurden in Russland Continue reading

Tendencias de los ataques DDoS en el segundo trimestre de 2022

Tendencias de los ataques DDoS en el segundo trimestre de 2022
Tendencias de los ataques DDoS en el segundo trimestre de 2022

Te damos la bienvenida a nuestro informe sobre los ataques DDoS del segundo trimestre de 2022, que incluye nuevos datos y tendencias sobre el panorama de las amenazas DDoS, según lo observado en la red global de Cloudflare. Puedes consultar la versión interactiva de este informe en Radar.

En el segundo trimestre, hemos observado algunos de los mayores ataques hasta la fecha, incluido un ataque DDoS HTTPS de 26 millones de solicitudes por segundo que Cloudflare detectó y mitigó automáticamente. Además, continúan los ataques contra Ucrania y Rusia, al tiempo que ha aparecido una nueva campaña de ataques DDoS de rescate.

Aspectos destacados

Internet en Ucrania y Rusia

  • La guerra en el terreno va acompañada de ataques dirigidos a la difusión de información.
  • Las empresas de medios de comunicación de Ucrania fueron el blanco más común de ataques DDoS en el segundo trimestre. De hecho, los seis sectores que recibieron el mayor número de ataques pertenecen a los medios de comunicación en línea/Internet, la edición y audiovisual.
  • En Rusia, por el contrario, los medios de comunicación en línea descendieron al tercer lugar como el sector más afectado. En los primeros puestos, las empresas de banca, servicios financieros y seguros (BFSI) Continue reading
1 2 3