An F5 study shows: Distributed Denial of Service (DDoS) attacks are becoming increasingly violent and complex. The largest attack used 1,4 TB/s. Combined attacks are also increasing.
While the number of Distributed Denial of Service (DDoS) attacks has decreased slightly in 2021, they are becoming more violent and complex. Last year, for example, the record for the largest attack of all time was broken several times. That shows a new analysis by F5.
Q4: Average attack size at over 21 Gbps
Accordingly, the total volume of DDoS attacks fell by 3 percent compared to the previous year. But in the fourth quarter of 2021, the average attack size was over 21 Gbps, more than four times what it was at the start of 2020.
"The volume of DDoS attacks varies from quarter to quarter, but the clear trend is that these attacks are becoming more massive," said David Warburton, director of F5 Labs. "While the peak in attacks has remained constant in 2020, we've seen a steady increase over the past year."
Attacks become more intense
Most attacks recorded in 2021 were below 100 Mbps. But there were some notable exceptions. In the previous year, the largest attack reached 253 Gbit/s. The record was surpassed in February 2021 with 500 Gb/s and in November with 1,4 Tb/s.
At one ISP/hosting customer, the attack reached maximum bandwidth in just 1,5 minutes and lasted just four minutes overall. A combination of volumetric (DNS reflection) and application-related (HTTPS GET floods) methods was used.
DDoS: The complexity is increasing
Volumetric attacks that flood a network with more bandwidth than it can handle continued to be the most common form of DDoS in 2021. They accounted for 59 percent of all registered attacks. This is a slight decrease from 66 percent in the previous year. On the other hand, DDoS attacks on protocols and applications increased, the latter by almost 5 percent compared to 2020.
27 percent of attacks in 2021 used TCP, up from 17 percent last year. This points to more sophisticated application and protocol-based attacks. In terms of attack methods, there were other notable changes: DNS query attacks were 3,5 percent more common than in the previous year. In contrast, UDP fragmentation decreased by 6,5 percent, LDAP reflection by 4,6 percent and DNS reflection by 3,3 percent.
"We're seeing an increase in attacks using multiple techniques, including the 1,4 Tb/s incident that used a combination of DNS reflection and HTTPS GETS," Warburton said. “Particularly at the beginning of the year, the number of multi-vector attacks significantly exceeded the number of single-vector attacks. This complicates protection against threats. Because companies have to use more technologies in parallel to fend off these sophisticated attacks.”
Finance in focus
Banks, financial service providers and insurance companies were the industry most affected by DDoS attacks in 2021, accounting for more than a quarter of the total volume. The attacks on the sector have been increasing steadily since the beginning of 2020.
On the other hand, the technology industry, which was the most attacked in 2020, fell to fourth place behind telecom and education. These four sectors accounted for a total of three quarters of all registered attacks. Sectors such as energy, retail, healthcare, transportation and law were hardly affected.
“As DDoS attacks become more sophisticated and diverse, organizations need to take a variety of measures to protect themselves,” adds Warburton. "This includes upstream controls to inspect and limit traffic to endpoints, as well as managed service providers working with internal security teams to prevent or quickly mitigate attacks."
More at F5.com
Via F5 Networks F5 (NASDAQ: FFIV) gives the world's largest companies, service providers, government agencies and consumer brands the freedom to deliver any app securely, anywhere, with confidence. F5 offers cloud and security solutions that enable companies to use the infrastructure they choose without compromising speed and control. Please visit f5.com for more information. You can also visit us on LinkedIn and Facebook for more information about F5, its partners and technologies.