Ransomware may have been particularly popular in 2021, but there is a good chance that once again in 2022, DDoS will be a major concern for the cyber security world, as DDoS attacks have been massively increasing in recent months. Security experts suspect that this is just the tip of the iceberg. The dangerous thing about DDoS is that they are difficult to stop using conventional means. The attack is dispersed, i.e. it originates from different sources, so it is insufficient just to block a single source. In this article, we provide you with an overview of the latest developments over the last few months, explain the current risk situation and recommend how to prepare for this wave of DDoS attacks.
In past articles (e.g. here and here , we reported on the rapid increase in Distributed Denial of Service (DDoS) attacks*, and potential future scenarios that even then did not augur well. Now those fears have materialised. NETSCOUT recently published the results of its semi-annual Threat Intelligence Report . In the second half of 2021, cyber criminals launched approximately 4.4 million DDoS attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, which is equivalent to one attack every three seconds.
Similar conclusions have been reached by other companies, such as the network provider Cloudflare. It reports that terabit-strong attacks increased massively in the second half of 2021. Their analysed peak value was a DDoS attack with just under two terabits per second, which lasted a total of only two minutes and was launched by 15,000 bots.
DDoS are becoming more frequent – and rarely occur alone
The most insidious thing about DDoS attacks is that they rarely occur alone, because the attackers’ aim is not just to shut down servers and web applications. Of course, there are exceptions such as politically motivated attacks, like those found in the current conflict between Russia and Ukraine. All the same, financial objectives are often at the core. In Cloudflare's research, one in three organisations impacted by DDoS reported that they received a ransomware demand afterwards so, in other words, DDoS was combined with ransomware . Research also shows that there have never been as many DDoS-related ransomware attacks as in the last quarter of 2021, and NETSCOUT's Threat Intelligence Report supports these findings. In particular, they found that many DDoS extortion campaigns were committed by the Avaddon, REvil, BlackCat, AvosLocker and Suncrypt ransomware groups.
(Unfortunately for them) the combination also works quite well the other way around. Fortuitously the sharp increase in ransomware in recent years has meant that companies are now better prepared. However, attackers are also aware of this and have reacted. For example, a potential defence against ransomware attacks can be stopped using DDoS, and so in turn, the pressure to pay can be stepped up.
Both the bad and the good news – the Threat Intelligence Report
This was just a small selection of many different sources and studies that show that the "DDoS year" forecast is not mere speculation. To find out more about worldwide and country-specific DDoS trends, the impact of Covid-19 and why IoT devices are particularly vulnerable to DDoS, read the NETSCOUT Threat Intelligence Report (2H 2021), which you can download free of charge here:
Multi-layer DDoS protection is more important than ever
NETSCOUT's Arbor Cloud DDoS service is a tried and tested solution recommended by our security experts. It provides fully managed, smartly automated protection against DDoS attacks, from the data centre to the cloud. With 14 data cleansing centres worldwide which are able to analyse traffic and detect and block DDoS at an early stage, Arbour Cloud offers over 11 terabits per second of attack prevention capacity.
Would you like to learn more about NETSCOUT's products and their specific benefits for your company? We look forward to having you contact us!
Do you know how capable your company is of withstanding DDoS attacks?
Use NETSCOUT's exclusive "DDoS Security Health-Check" and obtain full visibility and transparency into the status of your DDoS protection.
*DDoS – short for Distributed-Denial-of-Service – belongs to the category of Denial of Service attacks (DoS). A large number of infiltrated systems are mobilised to attack a single target, crippling servers and web applications.