Record-breaking DDoS activity surged into the first quarter of 2021

NETSCOUT’s 2H2020 Threat Intelligence Report correctly predicted that 2020’s record-breaking distributed denial of service (DDoS) attack activity would follow the COVID-19 pandemic into 2021.

According to research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.

Several other things jumped out from our comparison of the Q1 2021 stats with those of 2020. Attack size remained relatively flat, with no massive terabit attacks observed. Meanwhile, attackers continue to find value in pouring on faster, more difficult-to-mitigate attacks. Adversaries ratcheted up throughput considerably: the maximum throughput recorded increased 71% compared with Q1 2020. Attackers also seem to be homing in on a duration sweet spot of five to ten minutes, which accounted for 42% of attacks. Attacks under five minutes dropped from 24% to 19%, while the number of longer-duration attacks did not change appreciably.

Finally, we examined activity targeting pandemic lifeline industries such as ecommerce, online learning, and healthcare, which all experienced increased attention from malicious actors in 2020. Judging from attack numbers over the past three quarters, these areas largely remain targets, although there are fluctuations.

Healthcare organizations experienced about 7,000 attacks in the third quarter of 2020, 10,000 attacks in the fourth quarter, and 8,400 attacks in the first quarter of 2021. That Q1 number represents a 53% increase year over year.

We saw a 41% jump in attacks on educational services over the past three quarters: 32,000 attacks from July-September 2020, 39,000 attacks from October-December, and 45,000 attacks in the first quarter of 2021.

Although still high relative to non-pandemic quarterly numbers, activity in Other Information Services (a sector inhabited by companies such as Netflix and Zoom) has declined by 20% over the past three quarters, from 74,000 attacks in the third quarter of 2020 to 59,000 attacks in Q1 2021.

As we know, adversaries thrive on constant innovation. Attacks will only grow more complex, and threat actors will continue to discover and weaponize new attack vectors designed to exploit the vulnerabilities exposed by this enormous digital shift. It is imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.