As part of Nexusguard’s “DDoS Statistical Report for 2021”, it was found that despite the rate of DDoS attacks falling from 2020 to 2021, the number of attacks still outweigh those experienced before the COVID-19 pandemic began, as the total number of DDoS attacks were reduced by 13.3% from 2020 to 2021, according to the DDoS protection company.
While the average attack size fell over the course of 2021, the maximum attack size jumped to 699.2 Gbps, a 297% increase over the same period. The average attack size came in at 0.76 Gbps decreasing by 50% from the beginning to end of last year.
DDoS attacks, by the numbers
The three most common attack vectors over over the last year according to Nexusguard were:
- UDP attacks (39.06%)
- DNS amplification attacks (10.4%)
- TCP acknowledgment attacks (9.7%)
By far the most frequent methods when broken down by category were volumetric or direct flood attacks, making up 79% of attacks recorded in 2021. When looked at by protocol, UDP and TCP based attacks were the most frequent, coming in at 69.5% and 20.5% respectively.
Must-read security coverage
“While the number and average size of DDoS attacks fell in 2021 over 2020, the threat level is still very high when compared to pre-pandemic levels,” said Juniman Kasman, chief technology officer of Nexusguard. “Attack vectors are also in flux, because while UDP attacks are still the most common, TCP ACK, which can exponentially amplify the effect of a DDoS event with a small amount of traffic, rose significantly. Organizations need to be prepared to deal with a wide array of vectors — DDoS remains a persistent, elevated threat.”
Oddly, March has had the highest number of DDoS attacks consistently over a five-year period, which may be due to cybercriminals getting back to work following the winter holidays. Another trend found was that attacks during the months of June, July and August typically signaled the end of DDoS attack “season”, as the number of attacks started to dwindle starting in September and through the remainder of the year before spiking again the following March.
As far as duration goes, the majority (80.8%) of DDoS attacks lasted shorter than 90 minutes from beginning to end. However, the lengthy attacks rose significantly in 2021, as 6.8% of attacks exceeded the 1,200-minute mark. The average attack duration recorded in 2021 was 92.39 minutes, with the longest attack lasting 15,408 minutes, or just over 10 days in length.
A final item highlighted by Nexusguard as part of the study were bit-and-piece attacks. For those unfamiliar with these types of attacks, the company explains “they are carried out through the process of drip-feeding small doses of junk traffic into a large IP pool”. This allows hackers to evade detection through targeting of autonomous system number (ASN) level communication service providers around the world but is large enough to clog the target when the ‘bits and pieces’ are combined from the different IPs.
The number of targeted ASN’s decreased 60% from 2020 to 2021, while the number of targeted countries grew from 23 to 28 over the same period, an increase of 21.74%. The most common type of bit-and-piece attack during last year was TCP acknowledgments, coming in at 35.5%, followed by UDP fragmentation (15.07%) and SSDP amplification (11.29%).