DDoS attacks grow in size and complexity

DDoS attack

Though the overall number fell slightly, DDoS attacks became both bigger and more complicated in 2021 according to a new report from cloud-based managed security services platform F5 Silverline.

By the final quarter of last year the mean attack size recorded was above 21 Gbps, more than four times the level at the beginning of 2020. Last year also saw the record for the largest-ever attack broken on several occasions.

One attack in February 2021 measured 500 Gbps. The record was broken again in November with an attack weighing in at 1.4 Tbps — more than five times larger than the previous year’s record.

Volumetric attacks, which use publicly available tools and services to flood a target’s network with more bandwidth than it can handle, continued to be the most common form of DDoS in 2021, comprising 59 percent of all recorded attacks — a slight decline from 66 percent in the previous year.

27 percent of attacks in 2021 harnessed TCP, up from 17 percent the previous year, showing requirements of more complex application and protocol-based attacks. In terms of specific attack methods, there were some notable changes too, with DNS query attacks becoming more common, up 3.5 percent year-on-year.

“Alongside changes in attack type, we continued to observe strong prevalence of multivectored attacks, including the 1.4 Tbps incident that utilised a combination of DNS reflection and HTTPS GETS,” says David Warburton, director of F5 Labs. “This was particularly true at the start of the year, when multi-vectored attacks significantly outnumbered single-vector assaults. It illustrates the increasingly challenging landscape for threat protection, with defenders needing to employ more techniques in parallel to mitigate these more sophisticated attacks and prevent a denial of service.”

Banking, financial services and insurance (BFSI) is the industry most targeted by DDoS attacks in 2021, accounting for more than a quarter of the total volume. That continues a trend which has seen attacks against BSFI steadily rising since the beginning of 2020.

However, technology — the most targeted sector of 2020 — has dropped to fourth place behind telecommunications and education. Between them, these four industries account for 75 percent of all recorded attacks, with a long tail of others including energy, retail, healthcare, transportation and legal that saw hardly any adverse activity.

“As the sophistication and variety of DDoS attacks increases, organizations will find themselves using a wide variety of measures to protect against them, including upstream controls to inspect and limit the traffic reaching endpoints, and managed service providers who can work alongside internal security teams both to prevent attacks and move quickly to mitigate those in progress,” Warburton adds.

The full report is available from the F5 Silverline site.

Photo Credit: DD Images/Shutterstock

Author: Martha Meyer