NETSCOUT reports 5.4 million attacks in the first half of 2021

According to research from NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), threat actors launched approximately 5.4 million Distributed Denial-of-Service (DDoS) attacks in the first half of 2021, an 11 percent increase from the same time period in 2020, putting the world on track to hit close to 11 million DDoS attacks in 2021. But Q2’s numbers do show some signs of abatement:

  • ASERT observed 2,488,048 attacks in the second quarter, a 13 percent decrease compared with the first quarter’s extraordinary number of 2,863,882.
  • The second quarter 2021 numbers also decreased by 6.5 percent compared with the same period in 2020.
  • In June, monthly DDoS attack numbers dropped below 800,000 for the first time since March 2020, to 761,914.

But although attack frequency has dropped, we are nowhere near the attack numbers that were considered normal prior to the onset of the COVID-19 pandemic. To put things in perspective, we pulled data from the before the pandemic: 2019. In comparison, the second quarter numbers from 2021 showed a continued high level of activity:

  • 13 percent more attacks in 2021 than 2019
  • The lowest monthly number of attacks for Q2 21 came in June, with 761,914 attacks. That low number nonetheless topped the high-water mark of Q2 2019: April’s 755,748 attacks.

Several other things jumped out from our review of both quarterly and first-half statistics for 2021.

  • The top five DDoS attack vectors seen in the first half of 2021 were TCP ACK, DNS amplification, TCP SYN, TCP RST, and TCP SYN/ACK amplification.
  • Attackers continue to find value in pouring on faster, more difficult-to-mitigate attacks. Adversaries ratcheted up throughput considerably, with the max throughput recorded increasing by 65 percent compared with Q1 2020.
  • When it comes to attack duration in Q2 2021, attacks of five to ten minutes continued to top the list, used by 38 percent. We also saw a slight increase in attacks lasting between 10 minutes and an hour compared with Q1 duration numbers.

Adversaries will never turn down an opportunity for innovation—and the COVID-19 pandemic provided an enormous one. As such, the pandemic’s long tail of cyberthreat innovation will likely continue well into 2021 as cybercriminals continue to discover and weaponize new attack vectors that exploit pandemic-related vulnerabilities.