SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
DDoS
#
CIOs
#
Cyber attacks
Maximum DDoS attack size grows by 297%, report finds
Tue, 31st May 2022
FYI, this story is more than a year old
Author image
By Catherine Knowles, Journalist
Follow us

The total number of distributed denial-of-service (DDoS) attacks fell 13% in 2021 over 2020, but were still well above pre-pandemic levels, according to Nexusguard researchers in the recently released DDoS Statistical Report for 2021.

Additionally, according to the report, while the average attack size fell by 50% over 2021 the maximum attack size nearly tripled, growing 297% over the same period.

The top three DDoS attack vectors in 2021 were UDP (user datagram protocol) attacks, DNS (domain name system) amplification attacks, and TCP (transmission control protocol) acknowledgment attacks.

UDP attacks were still the most common form of DDoS attack, even though they accounted for a smaller percentage of attacks this year, falling from 59.9% in 2020 to 39.1% in 2021, the researchers found.

According to the report, UDP attacks can quickly overwhelm the defences of unsuspecting targets, and they frequently serve as a smokescreen to mask other malicious activities such as efforts to compromise personal identifiable information (PII) or the execution of malware or remote codes.

DNS amplification attacks were the second most common, even though they also account for a smaller percentage of total attacks than they did 12 months ago, declining from 14.2% in 2020 to 10.4% in 2021, the report finds.

A DNS amplification attack occurs when UDP packets with spoofed target IP addresses are sent to a publicly accessible DNS server. Each UDP packet makes a request to a DNS resolver, often sending an 'ANY' request in order to receive a large number of responses.

Attempting to respond, DNS resolvers send a large response to the target's spoofed IP address. The target thus receives an enormous amount of responses from the surrounding network infrastructure, resulting in a DDoS attack.

TCP acknowledgment (ACK) attacks, on the other hand, accounted for a larger share of total attacks. Overall they rose to become the third most common form in 2022. In 2021, TCP ACK attacks accounted for 3.7%, which rose to 9.7%.

In these kinds of attacks, a large quantity of ACK packets with spoofed IP addresses are sent to the victim server, forcing it to process each ACK packet it receives, rendering the server unreachable by legitimate requests.

Nexusguard chief technology officer Juniman Kasman commented on the research saying, "While the number and average size of DDoS attacks fell in 2021 over 2020, the threat level is still very high when compared to pre-pandemic levels.

"Attack vectors are also in flux, because while UDP attacks are still the most common, TCP ACK, which can exponentially amplify the effect of a DDoS event with a small amount of traffic, rose significantly."

He concludes, "Organisations need to be prepared to deal with a wide array of vectors DDoS remains a persistent, elevated threat."

Related stories
First-party data collection prioritised due to privacy laws
MotivationWorks upgrades cybersecurity with Radware
ExpressVPN research raises awareness of DNS leak risks
Mako boosts defence against cyber attacks with Radware's protection services
New In the Wild 2024 report reveals key cyber threats
Top stories
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds
Understanding the key to boosting cybersecurity habits: Kaspersky study
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses