Data collected from F5 Silverline, a cloud-based managed services platform detecting and mitigating Distributed Denial of Service (DDoS) attacks in real-time, revealed a three percent year-on-year decline in the overall volume of attacks recorded in 2021.
However, while volume may have declined, the attacks have become larger and more complex over the course of the year.
According to the report, in Q4 2021, the mean attack size recorded was above 21 Gbps, more than four times the level from the beginning of 2020.
Last year also saw the record for the largest-ever attack broken on multiple occasions.
“The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger,” said David Warburton, Director, F5 Labs.
“While the peak size of the attack remained steady throughout 2020, last year we saw it climb consistently. This includes Silverline DDoS Protection tackling several attacks that were successively the largest we had ever seen by an order of magnitude.”
One of the biggest incidents recorded by F5 is a 500 Gbps attack, which happened in February 2021. The record was shattered in November with an attack weighing in at 1.4 Tbps—more than five times larger than the previous year’s record.
Volumetric attacks, which use publicly available tools and services to flood a target’s network with more bandwidth than it can handle, continued to be the most common form of DDoS in 2021, comprising 59 percent of all recorded attacks.
However, volumetric attacks saw a slight decline from 66 percent in the previous year, as the prevalence of protocol and application-type DDoS attacks increased.
This slight shift was underlined by changing the utilisation of protocols. 27 percent of attacks in 2021 harnessed TCP, up from 17 percent the previous year, and indicative of the requirements of a more complex application and protocol-based attacks.
In terms of specific attack methods, there were some notable changes in prevalence: DNS query attacks became more common, up 3.5 percent year-on-year and the use of UDP fragmentation declined 6.5 percent. LDAP reflection also diminished by 4.6 percent and DNS reflection by 3.3 percent.
“Alongside changes in attack type, we continued to observe the strong prevalence of multi-vectored attacks, including the 1.4 Tbps incident that utilised a combination of DNS reflection and HTTPS GETS,” said Warburton.
“This was particularly true at the start of the year when multi-vectored attacks significantly outnumbered single-vector assaults. It illustrates the increasingly challenging landscape for threat protection, with defenders needing to employ more techniques in parallel to mitigate these more sophisticated attacks and prevent a denial of service.”
Banking, financial services and insurance (BFSI) was the most targeted industry by DDoS attacks in 2021, subjected to more than a quarter of the total volume. Meanwhile, the technology sector, which was the most targeted field in 2020, fell into fourth place behind telecommunications and education.
These four industries accounted for 75 percent of all recorded attacks, with a long tail of others including energy, retail, healthcare, transportation and legal that saw hardly any adverse activity.
“Even though the number of attacks tapered off slightly in 2021, the DDoS problem is by no means abating,” said Warburton. “Both the size and complexity of these attacks are increasing, demanding a more agile and multi-faceted response from defenders.
“Although it is reasonable to question the efficacy of attacks that may only last for a few minutes, threat actors know that even a short interruption to a service can have significant consequences and adversely impact brand and reputation.”
