SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
DDoS attack volumes on the rise - report
Tue, 25th May 2021
FYI, this story is more than a year old

DDoS attack volumes are on the rise, according to new research.

The Q1 DDoS Attack Report from Radware has revealed that while the number of attacks held steady (down 2% from Q4 2020), attack volumes increased by 31% in Q1 2021 vs. Q4 2020.

Radware's new quarterly report series, provides an overview of attack activity experienced by a sample of the data security vendor's customers during the first quarter of the calendar year 2021. The report analyses DDoS attack activity by industries, attack vectors, DDoS attacks on applications and on-premise vs. cloud.

The largest recorded attack in Q1 of 2021 was 295Gbps, up from 260Gbps in Q4 of 2020.

The report found the occurrence of major attacks of 10Gbps or more tripled in Q1 2021 vs. December 2020.

While DDoS attacks have traditionally impacted public assets, damaging an organisation's reputation through public exposure, healthcare is different, Radware says.

Those back-end infrastructure attacks are occurring more frequently during weekday business hours, with little activity over weekends or holiday periods. This impacted on day-to-day operations such as the connectivity to cloud-based applications by employees or the remote access for those still working from home.

"The first half of Q1 was characterised by large attacks on finance and a continuation of the 2020 ransom DDoS campaign," says Pascal Geenens, director of threat intelligence for Radware.

"By the end of 2020, the extortionists started circling back to earlier victims who did not pay ransom in earlier attempts, reusing their attack research and increasing the pace of their campaign to benefit from the surging Bitcoin value," she says.

"Several global organisations had branches/remote offices impacted during this period, with actors leveraging new tactics to impact the productivity of organisations by targeting internet connectivity and remote access.

"To overcome the pandemic, organisations began relying on remote operations, teleworking and remote access infrastructure.," says Geenens.

"As a result, DDoS actors found new opportunities and began targeting the backend of the communication infrastructure of organisations.

"With limited bandwidth, attackers can achieve more impact and disrupt a branch or an organisation's operations. Interrupting or affecting the performance of the remote access infrastructure had an increased impact on the organisations' productivity during the pandemic," she explains.

"Attacking the public assets of organisations provides increased visibility, but typically these assets are better protected and harder to bring down."

The report found public-facing assets remained an essential target throughout Q1 of 2021 for actors attempting to impact an organisation's reputation or send a political message.

Healthcare was dominated by biotechnology and pharmaceutical attacks in the first half of Q1 of 2021, while the activity moved to a smaller number of attacks targeting hospitals in the second half of the quarter.

The public assets of large biotechnology organisations were the primary targets and resulted in the most significant attacks for the healthcare vertical for the quarter.

Attacks on finance changed from infrequent, high-volume attacks in December and January to smaller, more frequent global attacks in March, impacting more offices and branches of multinational organisations.

Government experienced high attack activity in October 2020, but the largest volumes were noted in February and March 2021.