This annual report reviews a year defined by arguably the worst pandemic the world has seen in 100 years. We look back at some of the key insights, findings and trends covered in our previous quarterly reports, and at how COVID-19 affected not only cybersecurity but also the way we now work and live. We examine how the threat landscape evolved: the increase in DDoS attacks over the past year and the growing complexity and sophistication of attacks, compared against the relevant statistics from 2019. Lastly, in view of the challenges faced by CSPs, service providers, enterprises and organizations in these unprecedented times, we share our predictions on how DDoS attacks will evolve, and our recommendations on how best to tackle, mitigate and manage the ever-evolving cyber threats in the post-COVID-19 world.
- COVID-19 drove DDoS attacks to new heights: A 341.21% year-over-year (YoY) increase in the number of DDoS attacks was recorded in March, accounting for 23.96% of all attacks in 2020. Q2 constituted 38.33% of attacks, representing the highest concentration of attacks in 2020. Interestingly, the number of attacks fell in July to 6.99%, and this downward trend continued through to December.
- Attack motives were as varied as the attacks themselves: From March onwards, our findings show an increase in extortion and ransom DDoS (RDDoS) attacks against a wide range of industries around the world.
- DDoS attacks are more complex than ever: In March, apart from traditional DDoS attacks, we identified other abnormal traffic patterns, including small-sized, short attacks dubbed “invisible killers.” April to August witnessed a shift in tactics, with attackers opting for a more deceptive and sophisticated approach: using the more elaborate practice of bit-and-piece attacks to launch amplification and other types of UDP-based attacks that flood target networks with traffic. Attacks launched from September through to December took a more sinister turn, with perpetrators concealing TCP-based attacks within volumetric attacks, utilizing the volumetric attack as a cover.
- Look ahead to 2021/2022: Predictions & Recommendations
  1. Organizations, including CSPs, that rely on threshold and signature-based detection methods will experience severe outages as a result of DDoS attacks
2. The effectiveness of authentication-based mitigation will be further tested as application attacks are predicted to double in 2021/2022
3. Ransom DDoS attacks will increase by 30%
4. DDoS attacks < 10Gbps will account for 99% of all attacks
The continued discovery of new attack patterns in recent times, especially small-sized attack traffic that has been able to evade threshold and signature-based detection systems, suggests that CSPs need to enhance their security posture and employ more effective ways to protect their networks, infrastructures and customers.