Global DDoS Weapons in 2024: Bots Run Wild

What do you get when you bring soaring numbers of connected devices online worldwide—more than 29 billion by 2027? For consumers and businesses, the Internet of Things (IoT) promises a life of ever-increasing convenience, efficiency, and insight. Unfortunately, cybercriminals have just as much to celebrate. As set-top boxes, mobile devices, smart TVs, smart watches, data collection terminals, printers and media players, industrial sensors, robots, and more enter the grid—many of them secured poorly, if at all—hackers have gained rich opportunities to create bots and amplifiers for DDoS attacks.

Even as governments and organizations redouble their efforts against malicious bots and botnets, the number of bots tracked by the A10 Networks research has increased by 16 percent worldwide since 2023. The dynamic nature of bots, botnets, and reflectors makes eradicating an uphill battle, if not futile. For each weapon identified and neutralized, there’s a newcomer ready to take its place in the herd. The A10 research team has identified more than 14.6 million unique systems in amplified reflection attacks.

The amplification made possible in some types of attacks means that only a small percentage of available bots need to be activated to inflict significant damage. For example, the 1,085 amplifiers associated with Memcached have made it possible to elicit a 750kB response from a 15-byte request—an amplification factor of 51,200. That makes DDoS weapons easily affordable on a rental basis for even amateur miscreants. In this light, it’s no wonder reflectors make up about 97 percent of total DDoS weapons.

The latest edition of A10’s DDoS weapons report,?DDoS Attackers Uncovered: Understanding the DDoS Landscape , highlights alarming trends in the use of bots and reflectors as part of its analysis of the current DDoS landscape. Among its key findings:

• Thanks to a high number of reflectors, the U.S. has edged out China for hosting the largest number of amplification weapons worldwide, including 4x more weapons per capita and 2x more weapons per connected IoT device.
• Conversely, China leads in total bots, accounting for one-third of the global total. India follows with 17 percent.
• Russia has almost 8x more weapons per connected IoT device than either China or the U.S.
• While SSDP remains the most significant reflected amplification weapon in total weapons, less frequently used categories, such as Memcached, offer 1700x more amplification potential per weapon.?

Download the full report to learn more about the current state of DDoS weapons worldwide, including characteristics of the most common attacks and how they can be defended.

This article appears on the A10 blog .