DDoS Attack Trends for Q4 2021

The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few.

The second half of the year recorded a growing swarm of one of the most powerful botnets deployed (Meris) and record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network. This besides the Log4j2 vulnerability (CVE-2021-44228) discovered in December that allows an attacker to execute code on a remote server — arguably one of the most severe vulnerabilities on the Internet since both Heartbleed and Shellshock.

Prominent attacks such as the ones listed above are but a few examples that demonstrate a trend of intensifying cyber-insecurity that affected everyone, from tech firms and government organizations to wineries and meat processing plants.

Here are some DDoS attack trends and highlights from 2021 and Q4 ‘21:

Ransom DDoS Attacks

  • In Q4, ransom DDoS attacks increased by 29% YoY and 175% QoQ.
  • In December alone, one out of every three survey respondents reported being targeted by a ransom DDoS attack or threatened by the attacker.

Application-layer DDoS Attacks

  • The Manufacturing industry was the most attacked in Q4 ‘21, recording a whopping 641% increase QoQ in the number of attacks. The Business Services and Gaming/Gambling industries were the second and third most targeted industries by application-layer DDoS attacks.
  • For the fourth time in a row this year, China topped the charts with the highest percentage of attack traffic originating from its networks.
  • A new botnet called the Meris botnet emerged in mid-2021 and continued to bombard organizations around the world, launching some of the largest HTTP attacks on record — including a 17.2M rps attack that Cloudflare automatically mitigated.

Network-layer DDoS Attacks

  • Q4 ‘21 was the busiest quarter for attackers in 2021. In December 2021 alone, there were more than all the attacks observed in Q1 and Q2 ‘21 separately.
  • While the majority of attacks were small, terabit-strong attacks became the new norm in the second half of 2021. Cloudflare automatically mitigated dozens of attacks peaking over 1 Tbps, with the largest one peaking just under 2 Tbps — the largest we’ve ever seen.
  • Q4 ‘21, and November specifically, recorded a persistent ransom DDoS campaign against VoIP providers around the world.
  • Attacks originating from Moldova quadrupled in Q4 ‘21 QoQ, making it the country with the highest percentage of network-layer DDoS activity.
  • SYN floods and UDP floods were the most frequent attack vectors while emerging threats such as SNMP attacks increased by nearly 5,800% QoQ.

DDoS attacks are a common occurrence in the age in which we live and every successful business should resist them, which can be achieved by using a cloud infrastructure such as CDN.

Related Posts