Fewer DDoS attacks in 2021
According to an evaluation by IT security service provider Nexusguard, the total number of DDoS attacks in 2021 fell by 13 percent compared to 2020, but the number of cases is still far higher than before the pandemic.
The total number of distributed denial of service (DDoS) attacks decreased by 13 percent in 2021 compared to 2020, but was still well above pre-pandemic levels, according to Nexusguard researchers in the recently released 2021 DDoS statistics report. While the average attack size decreased by 50 percent in 2021, the maximum attack size tripled by 297 percent over the same period. The top three DDoS attack vectors in 2021 were UDP (User Datagram Protocol) attacks, DNS (Domain Name System) attacks and TCP (Transmission Control Protocol) attacks.
The most common DDoS attacks
UDP attacks remained the most common form of DDoS attack, although their share declined this year from 59.9 percent in 2020 to 39.1 percent in 2021. UDP attacks can quickly overwhelm the defenses of unsuspecting targets and often serve as a cover to disguise other malicious activity, such as attempts to compromise personal data or the execution of malware or remote code.
DNS attacks were the second most prevalent, although they also accounted for a smaller share of total attacks than 12 months ago, falling from 14.2 percent in 2020 to 10.4 percent in 2021. In a so-called DNS amplification attack, UDP packets with spoofed destination IP addresses are sent to a publicly accessible DNS server. Each UDP packet makes a request to a DNS resolver and often sends an "ANY" request to get a large number of responses. When attempting to respond, DNS resolvers send a large response to the spoofed IP address of the target. In this way, the target receives a huge amount of responses from the surrounding network infrastructure, resulting in a DDoS attack.
Increasing number of ACK attacks
TCP acknowledgment (ACK) attacks, on the other hand, accounted for a larger year-over-year share of total attacks and became the third most common type of attack in 2022. In 2021, TCP ACK attacks accounted for 3.7 percent and then increased to 9.7 percent. In this type of attack, a large number of ACK packets with spoofed IP addresses are sent to the victim server, forcing it to process each ACK packet received, making the server unreachable for legitimate requests.
"Although the number and average size of DDoS attacks have decreased in 2021 compared to 2020, the threat level is still very high when compared to pre-pandemic levels," said Juniman Kasman, chief technology officer at Nexusguard. "Attack vectors are also in flux, as while UDP attacks are still the most common, TCP ACK, which can exponentially amplify the impact of a DDoS event with a small amount of traffic, have increased significantly. Enterprises must be prepared to deal with a wide range of vectors - DDoS remains a persistent, elevated threat."
Source: Nexusguard
