Radware's Q3 DDoS and Application Report has noted a massive uptick in the number of DDoS attacks being blocked, particularly against the communications, healthcare, and technology sectors.
Radware's director of threat intelligence, Pascal Geenens, says in the first nine months of 2021 there were more blocked attacks than there were in the entirety of 2020.
Geenens explains, "During the third quarter, DDoS records for large volumetric attacks were broken across three continents. At the same time, phantom floods, or micro attacks that typically fly below the radar, increased. The reality is that organisations need more granular detection and multi-layer defences to protect against stealthier and more complex DDoS attacks."
The report notes that Radware's DDoS mitigation system blocked 75% more attacks in 2021, however, DDoS attacks dipped slightly below previous quarters this year.
The most attacked industries in Q3 include technology (an average of 2,638 attacks per company), healthcare (1,785 attacks per company), communications (1,525 attacks per company), and finance (1,337 attacks per company).
The report also analyses the amount of blocked web security events, of which there were 2.1 million per company, per quarter. This, according to Radware, averages 700,000 blocked events every month for a single company.
Radware also says that these attacks include predictable resource location attacks, SQL injection, code injection, and cross-site scripting. These findings are aligned with similar findings in the OWASP Foundation's 2021 Top 10 list.
"Network scanning and attack activity was marked by opportunistic and random scanning that constitutes a large part of the vulnerability and exploit threat landscape,” Geenens notes.
"Malicious actors continuously leverage old and freshly disclosed vulnerabilities such as remote command execution and command injection exploits that are easy to integrate into existing malware and exploit tools. Along with the evolution in cloud resources and services, there is no more hiding on the internet. Every deep corner of the internet gets inventoried in convenient IoT search engines."
Web security events predominantly targeted banking and finance, which accounted for almost 23% of blocked web security events, followed by government (16%), technology (15%), and retail and wholesale trading (12%).
Findings at a glance:
- During the first ninth months of 2021, 75% more DDoS events were blocked compared to the same period in 2020
- Banking/finance received the most application-layer attacks in Q3 2021
- Hadoop was the most exploited service in Q3 and tops the charts in unsolicited scans and attacks
- Account takeover and default account abuse still accounts for most of the activity Q3 with SSH, VNC and RDP topping the most scanned and exploited TCP port charts
- Lower numbers of DDoS attacks and attack volumes might be indicative of a shift in tactics from volumetric floods to application-level attacks.