2022: DDoS Year-in-Review

StormWall’s DDoS Year-in-Review report takes a look at the 2022 threat landscape, breaks down the industries that were most affected, and explores current DDoS trends.

Global DDoS attack trends in 2022

  • Overall, there was a 74% YoY increase in the number of DDoS attacks in 2022.
  • The growth rate began slowing in the fourth quarter, and by December, attacks had decreased by 53%.
  • The power of botnets surged in the year, powering over 2 Tbit/s attacks that stretched up to 3 days.
  • Criminals targeted the fintech industry more than others. It suffered 34% of the incidents. There’s also been a 12-fold increase of attacks on financial services.
  • Hacktivists contributed to the increase in the strength and duration of attacks, developing tools for politically motivated actions that were eventually adopted by for-profit criminals.

DDoS attack statistics by industry

Here’s which industries were most affected by DDoS:


In 2022, financial services saw 34% of attacks, a 12x increase from the previous year. Average attack duration was 8 hours and maximum requests per second reached 1 million.

The fintech industry is usually targeted by DDoS attacks, either to extort money or conceal other malicious activities. In 2022, hacktivists were especially active in the first two quarters before petering out near the end of the year.


Telecommunications suffered 26% of total attacks, which was 4 times more than the year before. The peak attack power reached 1.2 Tbit/s, with an average duration of 8 hours.

Remote working drove many businesses to rely on video-conferencing. This made them a target of hacktivists and for-profit hackers with varying goals, from spreading their message to extortion.


In 2022, e-commerce faced 17% of DDoS attacks, with a 53% YoY rise.

The attacks on the vertical intensified during the holidays, with a 38% spike the week before Valentine's Day and another one around Black Friday and Cyber Monday in November. Many of these incidents were powered by botnets, allowing them to last 3 hours on average.


The entertainment industry suffered 12% of attacks in 2022. The number of incidents increased 3 fold YoY.

The lifting of quarantine measures have decreased online content consumption, reducing hacker leverage for extortion, which explains blunted attacks growth in the vertical.


6% of DDoS attacks in 2022 targeted insurance businesses, a 5x YoY jump.

Adversaries and competitors often seek to extort or gain a foothold in the market. DDoS attacks are particularly devastating for insurers — incurring financial losses, customer attrition, and reputation damages. Service availability is paramount for insurers.


In 2022, education industry DDoS attacks rose by 36%, accounting for 2% of all attacks.

Online learning has surged during the pandemic: 77% of public college students now take at least one course online. But networks are vulnerable, and DDoS attacks have become so easy to launch that even students can do it. Some attacks this year were launched by students targeting their academy networks during exams.

DDoS attacks by protocols

  • HTTP/HTTPS 78%
  • TCP/UDP 17%
  • DNS 2%
  • Others 3%

In 2022, 78% of DDoS attacks targeted the application layer of the OSI model, 17% hit the network and transport layers, and 3% targeted DNS. 

HTTP floods, once too expensive to run, are now dominating the threat landscape. In 2021's third quarter, 80% of attacks were packet flooding, targeting transport and application layers. But botnets' cost dropped this year, while their firepower increased, causing the shift to application layer attacks.

DDoS Attacks by Country 

The US was struck by 18.3% of all DDoS attacks, bearing the heaviest blow. The number of attacks peaked in the first and second quarters of the year but then began decreasing.

China suffered 10.7% of attacks, making it the second most targeted nation. Politically motivated actors were responsible, likely due to the country’s close ties with Russia.

India was a close runner up for the undesirable 2nd place. It came in third, with 9.2% of incidents finding their targets in the republic.

Russia, the fourth most attacked region, got hit by 8,4% of DDoS attacks. Obviously, this is due to the Russia — Ukraine conflict, which made the former the main target of hacktivism.

The UK, where 7,2% of DDoS attacks landed was the 5th most attacked country. One of the most developed economies in the world, it is typically targeted by for-profit criminals.

Wrapping up

The impact of DDoS attacks can be devastating – downtime, disruption of learning, restricted access to information and banking. StormWall recommends that all companies work with a professional security partner to strengthen their DDoS resistance.

Brought to you by

What’s hot on Infosecurity Magazine?