The DDoS, or distributed denial of service, attack has long been a popular method of cyberattack. By flooding a website with more requests than it can handle, a hacker can cause the site to slow down and eventually crash, making it unavailable for legitimate users. But in 2021, cybercriminals expanded the types of organizations at the receiving end of DDoS attacks. A report released Thursday by cybersecurity firm Radware looks at how DDoS attacks surged and spread last year.
As detailed in its 2021-2022 Global Threat Analysis Report, Radware found that the number of DDoS attacks in 2021 jumped by 37% per customer over 2020. On its end, Radware discovered and blocked 580,766 DDoS attacks for all of last year, with an average of 1,591 per day.
Attacks were concentrated in the middle of the year: the count started to jump throughout the first two weeks of June before reaching a high of 9,824 on July 10, 2021. By the end of the year, the average number of attacks seen by Radware had decreased to a level comparable to the end of 2020.
The most attacked industries last year were gaming and retail, each one accounting for 22% of the recorded attacks. Other sectors heavily hit were the government with 13% of all attacks, healthcare with 12%, technology with 9% and finance with 6%. Europe, the Middle East and Africa (EMEA) combined with America accounted for 40% of all DDoS attacks in 2021, while the Asia Pacific region registered 20% of them.
Aside from the sheer number, DDoS attacks increased in severity. Such attacks are measured based on the amount of bandwidth used. For 2021, the average volume in attacks seen by Radware ranged from 4.6 TB to 51.65 TB. The longer a DDoS attack continues, the greater the damage. For the year, the average attack witnessed by Radware lasted between 3.65 hours and 8.72 hours.
Even further, DDoS attackers have been expanding their range of victims. In the past, these kinds of attacks have directly targeted website owners for political or profiteering reasons or to distract them from other malicious activities. But increasingly, cloud providers are being hit since a single such attack can impact a large number of customers. In the fourth quarter of 2021, Microsoft Azure suffered the biggest DDoS attack ever recorded, with a size of 3.47 Tbps.
Criminal gangs who specialize in ransomware are also jumping on the DDoS bandwagon. In a tactic known as triple extortion, attackers will start by encrypting the compromised data of a victimized organization. They’ll then threaten to leak the data publicly if the ransom isn’t paid. And as a third step, they’ll launch a DDoS attack against the victim as additional pressure to coax them to pay the ransom. This approach has been used by such groups as SunCrypt, RagnarLocker, Avaddon, DarkSide and Yanluowang, according to Radware.
“The statistics tell a story about bad actors,” Radware director of threat intelligence Pascal Geenens said in a press release. “They are getting smarter, more organized, and more targeted in pursuing their objectives — whether that be for money, fame, or a political cause. In addition, cybercriminals are shifting their attack patterns — from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline — something that we have not seen before.”
To help your organization combat DDoS attacks, Radware offers a guide on How To Protect Yourself Before, During and After a DDoS Attack. The guide includes key tips on protecting yourself from an initial attack, responding to an attack and analyzing your situation in the aftermath of an attack.