Threat Intelligence & Incident Response

Lumen research reveals latest DDoS stats, trends, predictions & costs

Nearly 90% of Q4 DDoS attacks were potentially ‘hit and run” style, probing attacks

Lumen Technologies® (NYSE: LUMN) today released its latest report detailing Distributed Denial of Service (DDoS) activity from Q4- and full-year 2022. The report includes 2023 predictions, a DDoS cost breakdown, and Q4 and full-year data from the Lumen DDoS mitigation service.

Additional analysis provided by the Lumen Black Lotus Labs® threat intelligence team, their intelligence feeds Lumen’s Rapid Threat Defense – a proprietary countermeasure that automatically blocks attacks before they reach the customer’s network.

Read the Lumen Q4 2022 DDoS Report, and register for a live Q&A with Lumen security researchers who will discuss the findings on Tuesday, Feb. 14, 2022, at 9:30 a.m. MT.

“Companies’ digital interactions with partners and customers are accelerating, and that’s led to both an increase in attacks, and subsequent investments in DDoS- and application layer-protections,” said Andrew Dugan, chief technology officer for Lumen. “In addition to mitigating the largest DDoS attack to-date in 2022, we observed hit-and-run style attacks along with complex campaigns targeting governments, civilian infrastructure and high-profile industries. We expect these trends to continue in 2023, underscoring the need for comprehensive web application and API security solutions.”2023 DDoS predictions

Researchers reviewed data from the Lumen DDoS mitigation service to develop the following predictions for 2023:

  1. Attackers will find new resources to leverage. Cybercriminals and defenders are constantly maneuvering to stay one step ahead. In 2022, attackers began leveraging cloud-based, virtual services in ways never seen before. We anticipate they will look for similar new attack methods in 2023.
  2. Expansion of the victim pool. Large organizations continue to fortify their defenses, so we believe attackers might begin targeting small- and mid-size businesses. These organizations typically have fewer cyber defenses, but they still have critical data and applications that could attract criminals.
  3. Timing is intentional. While DDoS attacks have become ubiquitous with certain days like Cyber Monday, data from the Lumen DDoS mitigation service reveal the most popular week for DDoS attacks in 2021 and 2022 were the days surrounding the July 4 holiday in the United States. Lumen predicts attackers will coordinate attacks to coincide with holidays and culturally significant events throughout 2023.

The cost of a DDoS attack

The Q4 DDoS report also includes a breakdown of the potential cost of a DDoS attack. The estimate is based on data entered into Lumen’s online DDoS Impact Calculator. Several factors influence the cost, so researchers developed a generic use-case based on the following assumptions:

  • The simulated victim is a Software and Technology company with $2 billion in annual revenue.
  • Online motions account for $500 million of total revenue.
  • The company has a small IT team with two employees dedicated to fixing security issues.
  • On average, security-related incidents generate 25 customer support calls per hour.

Results: This organization is expected to be targeted with 13 DDoS attacks per year resulting in 19 hours of downtime per attack at a cost of nearly $21 million.Notable DDoS statistics from the Q4 DDoS report

Q4 2022

  • Nearly 90% of all DDoS attacks in Q4 were potentially “hit and run” style. These attacks last 30 minutes or less, and threat actors frequently use them to probe a target’s defenses before launching a larger, sustained attack.
  • Domain Name System (DNS) is an essential service, and the number of DNS amplification attacks increased 73% quarter over quarter.


  • Lumen mitigated 22% more DDoS attacks in 2022 than in 2021.
  • The largest attack Lumen mitigated in 2022 was 1.06Tbps. It occurred in Q2 2022 and was also the largest DDoS attack Lumen has mitigated to-date.

Additional resources 

  • Read the full Q4 2022 DDoS Report.
  • Join Lumen DDoS experts in a live, online Q&A on Tuesday, Feb. 14 at 9:30 a.m. MT.
  • Refer to the Q4 2022 DDoS report for more details about this use case.
  • See Lumen’s analysis of the security trends observed in 2022 that could shape defenders’ responses in 2023.
  • Visit the Lumen Quarterly DDoS report archive.
  • Learn about Lumen’s comprehensive DDoS mitigation and Next-gen WAF/WAAP services.
  • See how Lumen Rapid Threat Defense uses global threat intelligence from Black Lotus Labs® as a countermeasure to block DDoS bots on the network as traffic hits a scrubbing center.

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

Threat Intelligence Pioneer Cyborg Integrates With Elastic

Business Wire

Cybersecurity startup ActZero announces its public launch

PR Newswire

SentinelOne Appoints Brian Hussey as VP of Cyber Threat Response

Business Wire