An old friend will also become more and more dangerous in 2021: Distributed Denial of Service (DDoS). Such attacks are increasing in both number and complexity. Roman Borovits, Senior Systems Engineer at F5, evaluates current data, according to which the incidents are becoming increasingly violent and complex.
The number of DDoS attacks rose by 55 percent from January 2020 to March 2021. Most (54%) used multiple attack vectors. This is shown by current data collected by the F5 Silverline Security Operations Center (SOC) and the F5 Security Incident Response Team (SIRT).
Different DDoS variants
Volumetric DDoS attacks, in which a network is flooded with data traffic, are still the most common method. They accounted for almost three quarters (73%) of all incidents in the period under review. But other forms of attack are on the rise. By far the fastest growing method is Protocol DDoS. It fills the connection tables of firewalls and routers so that they can no longer process received data packets. In the first three months of 2021, F5 Labs observed an increase of 135 percent in this category compared to the previous year. Volumetric attacks, by comparison, increased by 59 percent.
At the same time, attacks on applications made up 16 percent of all DDoS incidents from January 2020 to March 2021. They even accounted for more than 50 percent of all DDoS-related support cases processed by the F5 SIRT. This type of attack aims to consume the resources of an application's "origin" server, so that the application has to process the attacker's numerous illegitimate requests instead of legitimate ones.
Hackers are getting more sophisticated
DDoS attacks are not only increasing in number but also becoming more and more complex. In the first quarter of 2021, the number of multi-vector attacks increased by 80 percent compared to the previous year. This type involves launching attacks in parallel using different techniques. In contrast, the number of single-vector attacks changed only minimally.
An average of 2.7 different methods were used in multi-vector attacks. The most complex attacks recorded consisted of up to eight types of attack. These target, for example, the Internet bandwidth, the network stack and the victim's application server in parallel. In addition, the data volume of the attacks is increasing. An attack on a technology company reached a peak of 500 gigabits per second.
Sectors attacked
Four industries in particular have been affected by DDoS attacks since the beginning of 2020: technology (25%), telecommunications (22%), finance (18%) and education (11%). However, the frequency of these attacks does not correlate with the severity. The healthcare industry was exposed to only a few, but all the more violent, DDoS attacks. The regular attacks on financial, technology and telecommunications companies, on the other hand, were significantly lighter on average.
The pandemic had a notable impact. In the first quarter of 2021, many schools and universities around the world returned to face-to-face teaching after a long break. These three months saw more than half (56%) of all DDoS incidents recorded in the education sector since January 2020.
Successfully ward off attacks
Overall, DDoS attacks are becoming more and more diversified. On the one hand, hobby hackers can download standard tools and view instructions on YouTube, or use a cheap DDoS service. On the other hand, experienced cybercriminals combine this type of attack with other types in order to attack organizations from different sides at the same time. DDoS is also increasingly used to extort ransom through ransomware or to use vulnerable DNS, NTP, Memcached and LDAP services for targeted attacks on other companies.
Therefore, all systems must be protected from vulnerabilities and unauthorized access, especially when they are connected to the Internet. Companies and institutions should use the latest security measures such as web application firewalls and solutions for bot detection. These distinguish requests from real users from those of automated, malicious bots. The malicious traffic is then removed before it reaches the web server.