2 min

This new generation of botnets uses leaked API credentials or known exploits to enslave vulnerable and misconfigured Virtual Private Servers, allowing threat actors to build high-performance botnets that are up to 5,000 times stronger than their IoT-based counterparts.

According to Cloudflare, the downside of cloud computing providers offering virtual private servers for businesses to create performant applications is that it allows attackers to create these powerful botnets more quickly and easily.

Cloudflare has been collaborating with essential cloud computing providers and partners to combat these VPS-based threats. In the process, they have taken down substantial portions of these novel botnets.


Records in Q1 of 2023 show a 60% year-over-year increase in ransom DDoS attacks. That number represents 16% of all recorded/reported DDoS attacks. These extortion-based DDoS attacks cause service outages by bombarding the target with garbage traffic and continuing indefinitely until the victim meets the attacker’s demands.

During this period, Israel was the most targeted country by DDoS attacks, followed by the United States, Canada, and Turkey. Internet services, marketing, software, and gaming/gambling were the most targeted sectors.

Cloudflare reported the most significant attack this quarter, peaking at over 71 million requests per second. Another notable incident was a 1.3 terabit per second DDoS attack targeting a telecommunications service provider in South America.

The emerging trends

Most attacks (86.6%) lasted under 10 minutes, and 91% did not exceed 500 Mbps. However, the number of larger attacks is still growing. Attacks are surpassing 100 Gbps, recording a rise of about 6.5% compared to the previous quarter.

Emerging trends in Q1 ’23 DDoS attacks include a 1,565% QoQ increase in SPSS-based attacks, a 958% QoQ rise in DNS amplification attacks, and an 835% QoQ increase in GRE-based attacks. Effective defense strategies require automated detection and mitigation solutions as DDoS attacks continue to increase in size and duration, targeting a broad range of industries.

As defenses evolve, attackers may devise new methods or return to old tactics that newer protection systems may not prioritize anymore.

Also read: Cloudflare stops largest DDoS attack ever