DDoS report reveals 33% more attacks in 2021

In addition to an increase in attack numbers by a third compared to the same period last year, the number of high-volume attacks also increased.

  • 3 years ago Posted in

Link11 has published its annual Link11 DDoS Report for the first half of the year. The report shows that DDoS criminals were once again very active between January and June 2021, launching a record-breaking number of attacks.

 

The Link11 Security Operations Center (LSOC) recorded a third (33%) more attacks than in the same period last year in the DDoS record year of 2020. Attacks were already at a high level in 2020, and once again increased significantly in 2021, continuing unabated. Within the half-year, the number and power of DDoS attacks have once again increased noticeably. For example, LSOC registered 19% more attacks in Q2 than in the previous quarter. But this quarter was already characterized by a large number of attacks on vaccination centers and e-schooling platforms, among others.

 

High attack volumes combined with longer durations

The report also shows that numerous attacks exceeded 100 Gbps in attack volume. Their number increased compared to the first half of 2020: from 30 to 40 attacks. In addition, there were hundreds of attacks with bandwidth peaks between 20 and 100 Gbps. Whether employing hijacked cloud accounts or botnets, these attack bandwidths are becoming the norm. Many of these high-volume attacks dragged on for hours. Usually high-bandwidth attacks end after a few minutes to conserve the attackers’ resources. In the first half of the year, the largest attack stopped at 555 Gbps and exceeded the maximum attack bandwidth of the same period last year by almost 38%.

 

The most important source countries for attacks were the USA and Germany

The devices and servers that attackers abused for DDoS attacks were distributed globally. In the 1st half of the year, most malicious DDoS traffic came from the USA. The second most frequent attacks could be traced to Germany. DDoS traffic from Russia and China, which accounted for most traffic in previous years, decreased significantly.

 

Ransom DDoS extortions on the rise

Of note is the rising incidence of DDoS extortions. Since the beginning of 2021, several of these waves (RDDoS - Ransom Distributed Denial of Service) have targeted financial, e-commerce, media and logistics, industrial, consumer goods, telecommunications, and hosting provider/ISP companies. The peaks of ransomware activity were in January and June, which required a large number of emergency integrations of DDoS protection solutions.  The perpetrators recently posed as the “Fancy Lazarus Group.” The actions of the perpetrator(s) were largely identical to the criminal activities of DDoS extortionists operating under the names Armada Collective, Fancy Bear, and Lazarus Group since the summer of 2020.

 

There’s no end in sight to the current wave of Ransom DDoS attacks, LSOC warns. Rather, companies must prepare for cyber-extortion with DDoS attacks to become a permanent part of the threat landscape and increasingly combined with other attack techniques - particularly ransomware.

 

Marc Wilczek, managing director of Link11, said, “In the first half of the year, we registered an incredibly high number of DDoS attacks and extortions. For inadequately protected companies, this often posed a major challenge, as we noticed from the high number of emergency deployments. Even tools and systems already in place were regularly pushed to their limits, and some companies didn’t realize this until the emergency hit. However once the acute threat has been overcome, such an incident offers those responsible for security the opportunity to rethink their own strategies and close the gaps in their own IT security systems. After all, prevention is better than emergency management.”


Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...