The number of DDoS attacks increased 37% from 2020 to 2021, and a total of 580,766 attacks were mitigated in 2021, according to a new 2020-2021 Global Threat Analysis Report by Radware.
Between 2020 and 2021, the average DDoS volume per company was also up 26%, but attack vectors larger than 10 Gbit/s were down 5%. The verticals most targeted by DDoS attacks were gaming and retail, each with 22% of attack volume. Next most targeted was government (13%), healthcare (12%), technology (9%) and finance (6%).
Pascal Geenens, director of threat intelligence for Radware, explained that these statistics reveal that bad actors are becoming "smarter, more organized and more targeted in pursuing their objectives," which could be politically or financially motivated, or simply intended to garner notoriety.
"In addition, cybercriminals are shifting their attack patterns – from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns," Geenens said. "Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline – something that we have not seen before."
Smaller DDoS attacks are on the rise, and Radware says the trend of micro floods – or small attack vectors – and application-level attacks are more concerning than larger attacks as they tend to fly under the radar.
"Micro floods do not necessarily impact the user experience. Still, they are enough to become a nuisance when multiple floods are orchestrated concurrently and could force owners to upgrade their Internet links or infrastructure to keep a certain level of positive user experience," said Radware in the report.
Slower and smaller attacks can go undetected and consume network infrastructure resources such as bandwidth, network and server processing, and can be more difficult to detect than larger attacks.
Between 2020 and 2021, large attacks dropped 5%, and smaller attacks (less than 1Gbit/s) increased nearly 80%. Ninety-six percent of the attack vectors in 2021 were smaller than 10Mbit/s, and the volume generated by those attack vectors totaled only 0.3% of the total attack volume last year.
From a geographical standpoint, Europe, the Middle East and Africa (EMEA) and the Americas collectively blocked 80% of the attack volume in 2021, and the Asia Pacific (APAC) region blocked 20%. Most web application attacks originated in the United States and Russia, followed by India, the United Kingdom and Germany.
Bad actors are also taking advantage of a more distributed workforce with an increase of VPN attacks by almost 2,000% in Q1 2021, according to a report by Nuspire.
As enterprises move their applications and infrastructure to the public cloud, bad actors will "adapt their tactics and techniques to match the scale of public cloud providers," said Radware in the report. Radware goes on to recommend that businesses take care to address potential DDos attacks as part of their overall security strategy: "DDoS mitigation should be part of the protective measures companies implement whenever using or exposing services and applications to the Internet."
- NTT's Bruce Snell on 'wide sweeping ramifications' of Log4j vulnerability
- Lumen, Radware combat DDoS attackers flying under the radar
- Nokia Deepfield CTO: How DDoS attacks are changing
— Kelsey Kusterer Ziser, Senior Editor, Light Reading