DDoS: Attacks in Q3 2021 - IT infrastructure providers in their sights


DDoS attacks were more dangerous than ever in the 3rd quarter of 2021. The flood of attacks was unbroken, the attacks were broad and complex. Operators of digital infrastructures were particularly targeted.

Link11, the leading European IT security provider in the field of cyber resilience, has published new figures from its network on the development of the DDoS risk: The number of DDoS attacks is still at a very high level in the 3rd quarter of 2021. After an increase of 2% compared to the same period of the previous year had already been shown in Q2021 19, the number of attacks rose again by 3% in the third quarter.

DDoS: Attack volume and complexity increase

In addition to the worsening of the threat situation with regard to the frequency of attacks, the increase in attack bandwidths and the increasing complexity of attack techniques are also noticeable. Link11's Security Operation Center (LSOC) registered an increasing number of high-volume attacks. For 130 attacks, the maximum attack bandwidth was over 50 Gbps. In addition, the maximum bandwidth has more than doubled compared to the same period in the previous year - by 159%. The largest attack was stopped at 633 Gbps. In addition, attacks on the same customer totaled 120 Tbps in 2,5 minutes.

While single-method attacks are on the decline, multi-vector attacks are increasingly becoming the norm in the DDoS threat situation. The proportion of multi-vector attacks, which target multiple protocols and vulnerabilities and thus different layers, rose significantly from 62% in the 2nd quarter of 2021 to 78% in the 3rd quarter of 2021. This development poses major challenges for many protection concepts that cover only one layer or focus on certain attack vectors, and pushes them to their limits.

The most important metrics for the DDoS threat situation

  • The number of attacks continued to increase: 17% increase in the number of attacks compared to Q3 2020.
  • The increase in the number of attacks was even more than 1,000% if the carpet bombing attacks explained below are counted not as one attack each, but by their thousands of individual attacks.
  • The attack bandwidths remained very high: the largest attack was stopped at 633 Gbps. In addition, there were over 100 attacks with a peak bandwidth of more than 50 Gbps.
  • Increasing complexity of the attack patterns: 78% of the attacks were multi-vector attacks that combined several techniques.
  • Misused cloud servers as a DDoS weapon: In every third DDoS attack (33%), the attackers rely on cloud resources.

Targeted attacks on operators of ICT infrastructures

Carpet bombing attacks are currently developing into a major challenge for hosting and cloud providers, ISPs and carriers. These are technically very complex attacks. The data traffic per IP address is so low that many protection solutions fail to recognize it as an anomaly, and attacks of this type remain under the radar. In addition, the attacker does not aim the DDoS traffic statically at a specific system or server: not just a single IP address is attacked, but an entire network block with several hundred or thousands of addresses. The extent of the threat can be seen in the example of a hosting provider from Southeast Asia that is protected via the Link11 network. In August 2021, the LSOC registered several 72 carpet bombing attacks on the company within 100.000 hours. According to the LSOC, this type of attack has thus reached a new level of quality.

The attack bandwidths of the individual attacks ranged from 100 Mbps to 40 Gbps and quickly added up to a total volume in the terabit range. For an inadequately protected hosting provider whose core business is the operation of servers, it is almost impossible to prevent such “area bombing”.
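The detection gap described above, as an added example that is not from Link11 or the original article: a per-destination threshold misses traffic spread thinly across a network block, while aggregating per prefix and counting distinct destinations exposes it. The thresholds, the /24 grouping and the flow records are constructed assumptions for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Assumed, illustrative thresholds (not taken from the article).
PER_IP_LIMIT_MBPS = 100       # classic alarm on a single destination
PER_PREFIX_LIMIT_MBPS = 2000  # alarm on the aggregate for one prefix
MIN_SPREAD = 0.5              # share of the prefix's addresses receiving traffic

def detect(flows, prefix_len=24):
    """flows: (dst_ip, mbps) records for one time window.
    Returns (per-IP alerts, per-prefix alerts)."""
    per_ip = defaultdict(float)
    for dst, mbps in flows:
        per_ip[dst] += mbps

    # Roll destinations up into their covering prefix.
    totals = defaultdict(float)
    dests = defaultdict(set)
    for dst, mbps in per_ip.items():
        net = ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += mbps
        dests[net].add(dst)

    ip_alerts = sorted(ip for ip, m in per_ip.items() if m > PER_IP_LIMIT_MBPS)

    prefix_alerts = []
    for net, total in totals.items():
        spread = len(dests[net]) / net.num_addresses
        # Carpet-bombing signature: high aggregate volume that is
        # distributed over a large share of the block.
        if total > PER_PREFIX_LIMIT_MBPS and spread >= MIN_SPREAD:
            prefix_alerts.append((str(net), total, len(dests[net])))
    return ip_alerts, sorted(prefix_alerts)

# Constructed sample window (documentation address ranges).
SAMPLE_FLOWS = (
    # Carpet bombing: 200 hosts in one /24, 20 Mbps each (4 Gbps in total).
    [(f"203.0.113.{i}", 20.0) for i in range(1, 201)]
    # Classic flood against a single address.
    + [("198.51.100.7", 900.0)]
    # Normal background traffic.
    + [(f"192.0.2.{i}", 5.0) for i in range(1, 11)]
)

if __name__ == "__main__":
    ip_alerts, prefix_alerts = detect(SAMPLE_FLOWS)
    print("per-IP alerts:    ", ip_alerts)
    print("per-prefix alerts:", prefix_alerts)
```

In the sample, no address in 203.0.113.0/24 crosses the per-IP limit, so only the prefix-level view flags the block.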

Carpet Bombing: Difficult to detect anomalies in the network

"Although carpet bombing attacks are apparently primarily aimed at hosting and cloud providers, ISPs and carriers, their possible effects should not be underestimated," says Marc Wilczek, Managing Director of Link11. "The attackers deliberately target the operators of basic digital infrastructures. When these infrastructures go offline, their customers' networked business and working environments go offline with them. So there is no reason to give the all-clear. As the phenomenon increases, it is more a matter of time before other economic sectors are also confronted with it."

About Link11

Link11 is the leading European IT security provider in the field of cyber resilience, with headquarters in Germany and worldwide locations in Europe, North America, Asia and the Middle East. The cloud-based security services are fully automated, react in real time and repel all attacks, both known and new patterns, guaranteed in less than 10 seconds. According to the unanimous opinion of analysts (Gartner, Forrester), Link11 thus offers the fastest detection and defense (TTM) available on the market. The Federal Office for Information Security (BSI) identifies Link11 as a qualified DDoS protection provider for critical infrastructures. To ensure cyber resilience, web and infrastructure DDoS protection, bot management, zero-touch WAF and even secure CDN services ensure holistic and cross-platform hardening of networks and critical applications in companies.


 
