An IT trend that the industry has been watching with unease for a long time became more acute than ever in 2021: distributed denial-of-service attacks, although they have been increasing rapidly for years, are no longer just isolated phenomena. […]
DDoS attacks are used to extort ransoms, to plague financial institutions, and to target government, medical and critical infrastructures and systematically paralyze them. In this way, Puerto Rico’s energy supply was switched off last year, New Zealand banks were put out of action and the city administration of The Hague was sabotaged. The fact that Russian DDoS attacks were launched in the run-up to the conflicts in Eastern Europe no longer surprised anyone. These cyberattacks are a firm part of the criminals' toolkit, and it is to be expected that cyberattacks will increasingly be perceived globally as a means of asymmetric warfare.
However, criminal DDoS actions have been around for about 20 years, and during this time they have been continuously refined and made more complex. One problem, among others, is that they are not always recognized immediately. The sophisticated methods have made it more difficult to find a strategy against them. In addition, there are the sheer dimensions: DDoS attacks on the networks of companies and service providers continued to grow massively in 2021. This applies to the number of attacks, the attack bandwidths and the proportion of multivector attacks alike.
The number of attacks in the international Link11 network increased by 41 percent between 2020 and 2021. From an already high level, the numbers rose dramatically again. In addition, the average maximum attack bandwidths increased significantly, from 161 Gbps to 437 Gbps. There were numerous other high-volume attacks, especially in the second half of the year.
Among other things, the new and massive botnet Meris was responsible for the increase in high-volume attacks. It can disrupt even very robust networks with a large number of requests per second (RPS), although tailor-made IT security solutions help. 37 percent of DDoS attacks used cloud resources that were misused. In 2016, it was 2.1 percent.
DDoS attacks are becoming more and more unrestrained
In several countries, including Germany, there were several cyberattacks on vaccination portals in 2021. The websites used to book COVID-19 vaccination appointments were overloaded with DDoS attacks. Between September and November, several international VoIP providers were attacked, including the internationally active industry giants Bandwidth, VoIP.ms and Telnyx. For days, the attacks paralyzed the services of these providers. The REvil ransomware group was responsible for a large part of the attacks and demanded ransoms of up to $4.5 million.
Complex multivector attacks are now standard
In detail, a disturbing trend has solidified: 71 percent of all attacks were identified as multivector attacks. This means that the perpetrators use different access routes and methods at the same time. The challenge: the more vulnerabilities and protocols the attackers use, the more difficult it is to detect and defend against attacks, which increases the probability of success for the perpetrators. The bottom line is that several attacks run simultaneously, and each has to be identified individually before a pattern can be recognized.
Since the first reflection amplification vectors appeared in 2013, the spectrum of vectors has become much larger and now includes, for example, memcached reflection amplification and CLDAP. In 2021, the LSOC identified new vectors through its global network and AI-based mitigation technology: among others, Datagram Transport Layer Security (DTLS) via Citrix Netscaler and Session Traversal Utilities for NAT (STUN). In 2020, the share of multivector attacks was still at 59 percent. Fighting such attacks is like fighting the hydra: if you defuse one vector, you find that it is replaced by two new ones.
DDoS attacks as a smokescreen
Another key finding from last year: DDoS attacks are increasingly serving as a smokescreen. In the slipstream of a violent DDoS attack, the hackers can enter through the back door and attack network security unnoticed, since the IT resources are fully focused on defending against the DDoS attack. This can lead to data theft and other attacks. Here, the DDoS attack serves only as a diversion, and this danger is growing steadily. It is therefore always important to be professionally prepared for these attacks: the faster and more precisely DDoS attacks are detected and repelled, the more time the IT staff gain to detect and combat further anomalies and dangers in the network.
Precise attacks – precise protection
Overall, the number, complexity and precision of the attacks have increased. The attack techniques are becoming more and more sophisticated. Complex and combined forms of attack make it difficult for companies to defend themselves. Off-the-shelf protection solutions, whose patch and update cycles lag behind the threat landscape, can no longer keep up. Instead, companies should rely on intelligent systems with multi-layered anomaly detection and networked security mechanisms.
In addition, ransom extortion is likely to continue to increase in 2022, partly because access to the associated infrastructure has become easier and cheaper and the actions are unfortunately easy to carry out. As companies continue to advance their digitization, they offer more and more attack surfaces and, without sufficient protection, become more vulnerable to business interruptions. Many of the attacks go unnoticed and are also used to prepare further, more extensive intrusions. Anything the IT security provider does not mitigate immediately, within a fraction of a second, can lead not only to temporary failures, for example of the website, but can also bring entire infrastructures to a standstill and thus cause lasting damage. Unfortunately, based on our experience, the market still pays too little attention to all of this.
*The author Marc Wilczek is Managing Director of Link11.