Total number of DDoS attacks fell 13% in 2021 over 2020, but still far above pre-pandemic levels, according to Nexusguard
Additionally, while the average attack size fell by 50% over 2021, the maximum attack size nearly tripled, growing 297% over the same period.
The top three DDoS attack vectors in 2021 were UDP (user datagram protocol) attacks, DNS (domain name system) amplification attacks, and TCP (transmission control protocol) acknowledgment attacks.
UDP attacks were still the most common form of DDoS attack, even though they accounted for a smaller percentage of attacks this year, falling from 59.9% in 2020 to 39.1% in 2021.
UDP attacks can quickly overwhelm the defenses of unsuspecting targets, and they frequently serve as a smokescreen to mask other malicious activities, such as efforts to compromise personally identifiable information (PII) or the execution of malware or remote code.
DNS amplification attacks were the second most common, even though they, too, account for a smaller percentage of total attacks than they did 12 months ago, declining from 14.2% in 2020 to 10.4% in 2021.
A DNS amplification attack occurs when UDP packets with spoofed target IP addresses are sent to a publicly accessible DNS server. Each UDP packet makes a request to a DNS resolver, often sending an “ANY” request in order to receive a large number of responses. Attempting to respond, DNS resolvers send a large response to the target’s spoofed IP address. The target thus receives an enormous number of responses from the surrounding network infrastructure, resulting in a DDoS attack.
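A resolver operator can look for the pattern described above in their own query logs. The following is an added example, not taken from the Nexusguard report: it flags apparent clients whose traffic is dominated by ANY queries with a high response-to-query byte ratio. The log record layout, the sample data and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed resolver query log: (client_ip, qtype, query_bytes, response_bytes).
# Addresses come from the RFC 5737 documentation ranges; the record layout is hypothetical.
SAMPLE_LOG = (
    [("192.0.2.10", "A", 60, 76)] * 4
    + [("192.0.2.10", "AAAA", 60, 88)] * 2
    + [("198.51.100.7", "ANY", 64, 3200)] * 6
    + [("203.0.113.5", "ANY", 64, 3100)] * 2
)


def summarize(records):
    """Aggregate query count, ANY count and byte totals per apparent client."""
    stats = defaultdict(lambda: {"queries": 0, "any": 0, "q_bytes": 0, "r_bytes": 0})
    for client, qtype, q_bytes, r_bytes in records:
        entry = stats[client]
        entry["queries"] += 1
        entry["any"] += qtype.upper() == "ANY"
        entry["q_bytes"] += q_bytes
        entry["r_bytes"] += r_bytes
    return stats


def flag_reflection_targets(records, min_queries=5, min_ratio=10.0, min_any_share=0.5):
    """Return {client: (amplification_ratio, any_share)} for suspicious clients.

    With spoofed sources, the "client" in the resolver log is the victim
    address, so a flagged entry is a likely reflection target.
    Thresholds are illustrative assumptions, not tuned values.
    """
    flagged = {}
    for client, s in summarize(records).items():
        if s["queries"] < min_queries or s["q_bytes"] == 0:
            continue
        ratio = s["r_bytes"] / s["q_bytes"]
        any_share = s["any"] / s["queries"]
        if ratio >= min_ratio and any_share >= min_any_share:
            flagged[client] = (round(ratio, 1), round(any_share, 2))
    return flagged


if __name__ == "__main__":
    for client, (ratio, share) in flag_reflection_targets(SAMPLE_LOG).items():
        print(f"{client}: {ratio}x amplification, {share:.0%} ANY queries")
```

A flagged address is a candidate for response rate limiting or for refusing ANY queries on that resolver; the low-volume ANY client in the sample stays below the query-count threshold and is not flagged.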
TCP acknowledgment (ACK) attacks, on the other hand, accounted for a larger share of total attacks, rising to become the third most common form in 2022. In 2021, TCP ACK attacks accounted for 3.7%, which rose to 9.7%.