The Current DDoS Threat Landscape – Will It Ever Get Better?

Our DDoS partner NETSCOUT recently published the NETSCOUT Threat Intelligence Report Issue 7, covering the first half of 2021 and analyzing the DDoS landscape and related threats. Similarly, our connectivity partner, Telia Carrier, released the DDoS Threat Landscape Report 2021, which covers all of 2020. The general result of both these reports is far from optimistic – DDoS attacks keep increasing in size, number, and complexity.

Telia Carrier – DDoS Attacks in 2020

The main takeaways from the Telia Carrier report are as follows:

• The intensity of DDoS attacks keeps increasing. The largest attack in 2020 mitigated by Telia Carrier reached 1.18 Tbps, which is nearly 50% more than in 2019, and the peak attack intensity was 887 Mpps.
• The mitigation volume reached 57 PB and 14 TP which is up 192% and 176% respectively from 2019.
• Carpet bombing (attacking many IPs in a given range at the same time) is becoming more commonplace. Starting from isolated attacks in early 2020, Telia Carrier has observed sustained carpet bombing activity in late 2020.
• The most common types of DDoS attacks were DNS and NTP amplification attacks – this is a shift from small packet SYN attacks that were observed more often in the past and it allows attackers to use fewer resources for larger attacks.

These numbers and trends are proof that the DDoS threat keeps growing, putting more pressure on organizations and requiring efficient mitigation. Interestingly, attack waves mirrored the world lockdown phases due to the COVID-19 pandemic. This suggests that cybercriminals are taking advantage of the pandemic to apply more pressure at the weak spots.

NETSCOUT – DDOS Threat Landscape in 2021 H1

The numbers from NETSCOUT speak for themselves. Telia Carrier’s 2020 already looked bleak but things are even worse off in the first half of 2021.

• The quantity of DDoS attacks in the first half of 2021 reached 5.4 million, which is 11% more than last year in the same period.
• The largest attack observed was 1.5 Tbps (169% more than in 2020 H1) and the fastest was 675 Mpps (16% more than in 2020 H1). At least 4 attacks were terabit-class.
• Seven new attack vectors were observed in 2021 H1, targeting exploitable UDP services and applications.
• The number of vectors in multivector attacks steadily grows – a record-setting attack with 31 vectors was observed in 2021 H1.

NETSCOUT also stated that attackers are more and more likely to perform reconnaissance on their target and design custom attack vectors that are more likely to be effective. Cybercriminals are now more apt to attack global network components such as major DNS resolvers, VPN exit nodes, and IXPs, which makes the DDoS affect a much larger number of parties. A new campaign was also observed targeting authoritative DNS servers for ISPs.

One of the most worrying trends is the fact that ransomware gangs often offer DDoS attacks as part of their service packages. This helps them improve the chances at getting a payout and then enables them to invest into better resources and technology thus leading to more ransomware attacks. This also means that ransomware and DDoS become closely coupled and that we can expect even more DDoS in the future.

Everyone’s the Target

The NETSCOUT report identified the most likely vertical targets for DDoS attacks as: telecommunications, data processing, hosting, publishing, broadcasting, and e-commerce. The biggest attack increase was noticed in the financial sector – especially card processing services.

The report also notes that DDoS attacks are very common in the online gaming community. Such attacks often end up crippling VPNs as well as deal collateral damage to ISPs and other customers connected to the same communications hubs. The gaming community also creates a demand for small-scale DDoS services, which become more commonly available, cheaper, and therefore lead to more DDoS attacks on smaller targets outside this community.

The Conclusions

Both reports clearly show that everything about the DDoS landscape is becoming more threatening. This includes the number of attacks, the size/intensity of attacks, the techniques, and even financing for attackers. The reports also show that while major organizations are still the most affected, the attacks on Internet infrastructure, VPN, as well as the availability of small-scale DDoS services makes SMBs much more likely to suffer DDoS consequences.

The only way to counter this threat is by using reliable services such as the ones offered by BMIT Technologies. You need 24/7 protection and a partner that will react immediately when an attack happens. BMIT offers not just the right partnerships, the right tools, but also the most experience on the local market. We help you make sure that no matter whether the DDoS attack is aimed directly at you or at the infrastructure that you are connected to, it does not affect your business.

Telia Carrier rebranded to Arelion following the publication of this blog post