DDoS Threat Report 2021 Q3

Q3 saw a notable trend in which attackers launched DDoS attacks at single targets within a CSP, attributing an attack size increase of 544% QoQ and 232% YoY. Over 55% of attacks focused on hitting a specific service with high volumes of traffic simultaneously, and according to our research, several 500 Gbps plus attack events were recorded, peaking at 586 Gbps. Due to the dramatic increase in attack size, this shift to employing high-penetration volumetric attacks can potentially lead to additional impact to CSP networks, regionally.

Key Observations:
  • Attackers target specific services using large volumetric attacks: Of the volumetric attacks that were employed, TCP ACK and UDP attacks accounted for 55.62% of all attacks. One of the reasons behind adopting such attacks lies in the design of CSP networks - TCP ACK and UDP traffic can be transmitted from the attack source to the target CSP very efficiently. And aside from attacks with obvious signatures, upstream ISPs tend not to interfere with passing traffic.
  • Impact of high-penetration volumetric attacks: Owing to upstream ISPs’ lack of transparency and knowledge of the TCP and UDP services that pass through them and arrive at their peers, attackers have been successful in launching TCP ACK and UDP attacks. In the case of targeted CSPs, concentrated influxes of large volumes of attack traffic flooded CSP networks after passing through a number of upstream ISPs, cutting off access to services of downstream customers.
  • Challenges faced by CSPs: When CSP networks have been severely affected by an attack, the first port of call is to blackhole the destination IPs. However, if the corresponding service has no DDoS mitigation backup plan in place, the attack will still cause online services to become unavailable.

You may be interested in

DDoS Statistical Report for 1HY 2023

The DDoS Statistical Report for 1HY 2023 shows significant changes in attack patterns and trends in the first half of 2023, revealing details of attack size, duration, types, categories, distribution and targets.

The most common attack types in 1HY 2023 were NTP Amplification Attacks and ...

DDoS Statistical Report for 2022

This is the Distributed Denial of Service (DDoS) Statistical Report for 2022. This comprehensive report unveils the global shift in the DDoS threat landscape, providing key observations, metrics, and trends for the year. Discover the types of att...

DDoS Statistical Report for 1HY 2022

In the first half of 2022, the total attack count and average attack size increased by 75.60% and decreased by 55.97% respectively compared to the figures recorded in the second half of 2021. Compared to the second half of 2021, the maximum attack size...

DDoS Statistical Report for 2021

In 2021, the total attack count and average attack size both fell by 13.32% and 50.00% respectively compared to the figures registered in 2020. Compared to 2020, the maximum attack size increased by 296.62%, with the maximum attack size clocking in at 699.20 Gbps. Besides, Read More >