Report: DDoS attack volumes on the rise in 2021

While the number of DDoS attacks held steady in the first quarter of 2021 (marking a 2% decrease from Q4 2020), the volume of attacks increased by 31%, according to Radware’s Q1 DDoS Attack Report. The largest recorded attack in Q1 of 2021 was 295 Gbps, up from 260 Gbps in Q4 of 2020. The occurrence of major attacks of 10 Gbps or more tripled in Q1 2021 in comparison to December 2020.

Radware’s quarterly report series provides an overview of attack activity experienced by a sample of the data security vendor’s customers during the first quarter of 2021. The report analyses DDoS attack activity by industries, attack vectors, DDoS attacks on applications and on premise vs cloud.

The report revealed that while DDoS attacks have traditionally impacted public assets, damaging an organisation’s reputation through public exposure, health care is different. These back-end infrastructure attacks occur more frequently during weekday business hours, with little activity over weekends or holiday periods. This impacted day-to-day business operations such as connectivity to cloud-based applications by employees or remote access for those still working from home.

Pascal Geenens, Director of Thread Intelligence for Radware, noted that the first half of Q1 was characterised by large attacks on finance and a continuation of the 2020 ransom DDoS campaign.

“By the end of 2020, the extortionists started circling back to earlier victims who did not pay ransom in earlier attempts, reusing their attack research and increasing the pace of their campaign to benefit from the surging bitcoin value,” said Geenens.

To overcome the pandemic, organisations began relying on remote operations, teleworking and remote access infrastructure. DDoS actors found new opportunities and began targeting the back end of the communication infrastructure of organisations. With limited bandwidth, attackers were able to achieve more impact and disrupt a branch or an organisation’s operations.

Attacking an organisation’s public assets provided increased visibility, but these assets were typically better protected and harder to bring down. Public-facing assets remained an essential target throughout Q1 2021 for actors attempting to impact an organisation’s reputation or send a political message.

The report revealed that health care was dominated by biotechnology and pharmaceutical attacks in the first half of Q1 2021, while the activity moved to a smaller number of attacks targeting hospitals in the second half of the quarter. The public assets of large biotechnology organisations were the primary targets and resulted in the most significant attacks for the health care vertical for the quarter.

The report found a shift in the attacks on finance — from infrequent, high-volume attacks in December and January to smaller, more frequent global attacks in March — impacting more offices and the branches of multinational organisations.

Image credit: ©stock.adobe.com/au/Maksim Kabakou