According to security services provider Akamai, Distributed Denial of Service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent.
Akamai observed the largest DDoS extortion campaign, which impacted thousands of companies globally. In 2021 alone, there were more attacks over 50 Gbps than in all of 2019. Attacks of this scale can take almost anyone offline.
The largest of these were 800+ Gbps assaults: one at 824 Gbps, the other at 812 Gbps, both during the same day, February 24. Akamai also observed a 594 Gbps attack on March 5.
Threat Actors Continue to Expand Their Sights
The number of customer attacks per month has continued at near-record volume, and attacks have continued to diversify across geographies and industries.
A recent analysis showed a 57% increase in the number of different customers attacked year over year.
The most recent extortion attack — peaking at more than 800 Gbps and targeting a European gambling company — was the biggest and most complex seen since the widespread return of extortion attacks that kicked off in mid-August 2020.
Since the start of the campaign, show-of-force attacks have grown from 200+ Gbps in August to 500+ Gbps by mid-September, then ballooned to 800+ Gbps by February 2021.
As reported by Akamai Security Intelligence Response Team’s threat advisory released March 23, 2021, the criminal actors used a previously unseen DDoS attack vector that leveraged a networking protocol known as protocol 33, or Datagram Congestion Control Protocol (DCCP).
This attack is akin to a SYN flood in DCCP, but in this case it is volumetric. Threat actors abuse protocol 33 in an attempt to bypass defenses focused on traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic flows.
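For defenders who only baseline TCP and UDP, the following added example (not from Akamai or the original article) shows how to count traffic by IP protocol number and flag a capture window dominated by DCCP-Request packets, the DCCP counterpart of a SYN. The function names, the 0.5 alert threshold, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

IPPROTO_DCCP = 33   # IANA IP protocol number for DCCP
DCCP_REQUEST = 0    # DCCP packet type 0 (DCCP-Request, RFC 4340), the connection opener

def classify(packet: bytes):
    """Return (ip_protocol, dccp_type_or_None) for a raw IPv4 packet, None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    proto, l4 = packet[9], packet[ihl:]
    if proto != IPPROTO_DCCP or len(l4) < 12:    # 12 = shortest DCCP generic header
        return proto, None
    return proto, (l4[8] >> 1) & 0x0F            # byte 8: Res(3) | Type(4) | X(1)

def summarize(packets, request_share_alert=0.5):
    """Count packets per IP protocol; alert when DCCP-Requests dominate the window.
    The 0.5 default is an assumed threshold, tune it against your own baseline."""
    by_proto, requests, malformed = Counter(), 0, 0
    for pkt in packets:
        result = classify(pkt)
        if result is None:
            malformed += 1
            continue
        by_proto[result[0]] += 1
        if result == (IPPROTO_DCCP, DCCP_REQUEST):
            requests += 1
    total = sum(by_proto.values())
    share = requests / total if total else 0.0
    return {"by_protocol": dict(by_proto), "dccp_requests": requests,
            "malformed": malformed, "alert": share >= request_share_alert}

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample packet using documentation addresses (RFC 5737)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def _dccp(ptype: int) -> bytes:
    """Constructed 20-byte DCCP header: X=1, zero sequence number and service code."""
    return struct.pack("!HHBBHBB", 40000, 443, 5, 0, 0, (ptype << 1) | 1, 0) + bytes(10)

# Constructed capture window: mostly DCCP-Requests, some ordinary TCP/UDP, one runt.
SAMPLE = ([_ipv4(33, _dccp(0))] * 8 + [_ipv4(33, _dccp(3))] + [_ipv4(6, bytes(20))] * 3
          + [_ipv4(17, bytes(8))] * 2 + [b"\x45\x00"])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Networks that run no DCCP services can treat any sustained protocol 33 volume as anomalous and drop it at the edge, rather than relying on a ratio.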
The new DCCP DDoS attack vector is just the latest example of protocol abuse discoveries made by the Akamai SIRT.
The 2021 DDoS campaigns have become more targeted and much more persistent. The attackers were persistently looking for weaknesses in defenses to exploit, as well as trying different attack vector combinations. In one attack, the threat actors targeted nearly a dozen IPs and rotated through multiple DDoS attack vectors trying to increase the likelihood of disrupting the back-end environments.
DDoS Attack Forecast Continues to Anticipate Attack Growth on Four Fronts:
- Number of DDoS attacks
- Number of large DDoS attacks (> 50 Gbps)
- Number of industries targeted with DDoS
- Number of organizations targeted with DDoS