DDoS attacks are getting bigger and more complex, funding the most targeted sector
Distributed denial of service (DDoS) attacks declined slightly in 2021, but are becoming larger and more complex, according to an analysis by F5.
The data showed a 3% year-over-year decline in overall recorded attack volume in 2021. However, while volume may have decreased, attack severity has increased markedly over the course of 2021. of the year.
In the fourth quarter of 2021, the average attack size recorded was over 21 Gbps, more than four times the level at the start of 2020. Last year also saw the record for the largest attack ever recorded on several occasions.
“The volume of DDoS attacks has fluctuated quarter over quarter, but the undeniable trend is that these attacks are getting bigger and bigger,” said David Warburton, director of F5 Labs. “While the maximum attack size has remained stable throughout 2020, in the past year we have seen it increase steadily.”
The attacks are on the rise
While most recorded attacks in 2021 were below 100 Mbps, there were some notable exceptions.
After the biggest attack of 2020 hit 253 Gbps, there was one that hit in February 2021 measuring 500 Gbps. The record was broken again in November with an attack weighing in at 1.4 Tbps, more than five times the previous year’s record.
Targeting an ISP/hosting client, maximum attack bandwidth was reached in just 1.5 minutes and lasted just four minutes in total, leveraging a combination of volumetric (DNS reflection) and application layer (flooding) methods. HTTPS GET).
Attacks become complex
Volumetric attacks, which use publicly available tools and services to flood a target’s network with more bandwidth than they can handle, remained the most common form of DDoS in 2021, accounting for 59% of all recorded attacks. This represents a slight decrease from 66% the previous year, as the prevalence of protocol and application type DDoS attacks increased, with the latter increasing by nearly 5% year over year.
This slight discrepancy was underlined by the modification of the use of the protocols. 27% of attacks in 2021 leveraged TCP, up from 17% the previous year, indicating the requirements for more complex application and protocol-based attacks.
In terms of specific attack methods, there have been notable changes in prevalence: DNS query attacks have become more common, up 3.5% year-over-year, and the use of UDP fragmentation decreased by 6.5%. LDAP reflection also decreased by 4.6% and DNS reflection by 3.3%.
“Along with changes in attack type, we continued to observe a high prevalence of multi-vector attacks, including the 1.4 Tbps incident that used a combination of DNS reflection and HTTPS GETS,” Warburton said.
“This was especially true at the start of the year, when multi-vector attacks significantly outnumbered single-vector attacks. This illustrates the increasingly challenging threat protection landscape, with defenders having to use more techniques in parallel to mitigate these more sophisticated attacks and prevent a denial of service.
Financial services in the crosshairs
Banking, financial services and insurance (BFSI) was the most targeted sector for DDoS attacks in 2021, subject to more than a quarter of the total volume. This continued a trend that has seen attacks on BSFI increase steadily since the start of 2020.
In contrast, technology, the most targeted sector in 2020, fell to fourth place behind telecommunications and education. Between them, these four sectors accounted for 75% of all recorded attacks, with a long tail of others, including energy, retail, healthcare, transport and legal, which saw virtually no activity. undesirable.
“Even though the number of attacks has decreased slightly in 2021, the DDoS problem is by no means decreasing,” Warburton said. “The size and complexity of these attacks are increasing, demanding a more agile and multifaceted response from defenders.
“While it is reasonable to question the effectiveness of attacks that only last a few minutes, threat actors know that even a short service disruption can have significant consequences and negatively impact brand and reputation.
“As the sophistication and variety of DDoS attacks increase, organizations will find themselves using a wide variety of measures to protect against them, including preflight controls to inspect and limit traffic reaching endpoints, and vendors managed services that can work alongside in-house security teams at the same time. to prevent attacks and act quickly to mitigate those in progress.