Last year was a tough one on the distributed denial of service (DDoS) front, according to a report from infrastructure provider Zayo.

The firm’s most recent biannual, entitled “Protecting Your Business from Cyber Attacks,” found that DDoS attacks grew by 81.7% between last year and 2023. The raw numbers are just as startling: There were a bit more than 90,000 attacks in 2023 and almost 165,000 attacks in 2024.

The company makes the point that such results are more proof that it is vital to create reliable and secure networks.

The size of the problem is equally impressive when viewed in more limited timeframes. For instance, the reports points to Netscout estimates that there were about 43,750 DDoS attacks per day and that more than 75% of new businesses are attacked within 42 days of going online.

The report pointed out that DDoS attacks often are probes to determine weak points for future attacks.

The report found that attack size increased as well, so organizations were being hit harder in addition to more often. Measured by size, the cloud and SaaS sector had the largest share of the top 10% of attacks. The two areas displaced telecommunications for the dubious distinction. The report identifies education, healthcare, and finance as key targets for attacks.

Telecom is a particularly important industry because a successful attack can cross sector boundaries and has financial, social, and public security ramifications. The broad attack surfaces presented by telecom networks — which include “varying complexities of infrastructure and multiple targets with multiple points of entry” — can be test grounds for attacks ultimately aimed at other industries.

The Zayo report also examined the prevalence of burst attacks. Last year, 86.78% of attacks were shorter than 10 minutes, with 10.26% of attacks lasting between 10 and 30 minutes. That means that almost all attacks — 97.04%, to be exact — were less than 30 minutes in duration.

“A cause for celebration? Not quite,” the report says. “Shorter duration attempts are often conducted intentionally, so defenders don’t have time to manually analyze traffic and behaviors. This is why an automated protection system is necessary: attacks both large and small will equally be protected without the need for manual intervention, making all the posturing and strategy on an attacker’s end completely irrelevant.”