The NexusGuard study also found that the average attack size decreased while the maximum attack size tripled.

Image: iStockphoto / ApoevAndrey

As part of NexusGuard’s “DDoS statistical report for 2021“, It was found that despite the reduction in the speed of DDoS attacks from 2020 to 2021, the number of attacks still exceeds those carried out before the COVID-19 pandemic, as the total number of DDoS attacks decreased by 13.3 % from 2020 to 2021, according to the DDoS protection company.

While the average attack size dropped in 2021, the maximum attack size jumped to 699.2 Gbps, an increase of 297% over the same period. The average size of the attack was 0.76 Gbps, down 50% from early to late last year.

DDoS attacks, in numbers

According to NexusGuard, the three most common vectors of attack in the last year are:

  • UDP attacks (39.06%)
  • DNS amplification attacks (10.4%)
  • TCP confirmation attacks (9.7%)

Undoubtedly the most common methods, broken down by category, are large-scale or direct flood attacks, accounting for 79% of the attacks registered in 2021. When considered by protocol, UDP and TCP-based attacks are the most common, reaching 69.5% and 20.5% respectively.

“While the number and average size of DDoS attacks fell in 2021 from 2020, the level of threat is still very high compared to pre-pandemic levels,” said Juniman Kasman, Nexusguard’s chief technology officer. “Attack vectors are also changing because while UDP attacks are still the most common, the TCP ACK, which can exponentially amplify the effect of a low-traffic DDoS event, has increased significantly. Organizations need to be prepared to deal with a wide range of vectors – DDoS remains a constant, increased threat. “

Strangely, March had the highest number of DDoS attacks permanently in five years, which may be due to the return of cybercriminals to work after the winter holidays. Another open trend is that attacks in June, July and August usually signal the end of the “season” of DDoS attacks, as the number of attacks begins to decline from September until the rest of the year before rising again next March. .

In terms of duration, the majority (80.8%) of DDoS attacks lasted less than 90 minutes from start to finish. However, prolonged attacks increased significantly in 2021, as 6.8% of attacks exceeded the 1,200-minute mark. The average duration of the attack registered in 2021 was 92.39 minutes, with the longest attack lasting 15,408 minutes or just over 10 days.

LOOK: Mobile device security policy (TechRepublic Premium)

Gradual attacks

The last element highlighted by NexusGuard as part of the study was unit attacks. For those unfamiliar with these types of attacks, the company explains that “they are carried out through the process of dripping small doses of unwanted traffic into a large IP pool.” This allows hackers to avoid detection by targeting Autonomous System (ASN) providers around the world, but is large enough to block the target when “bits and pieces” are combined from different IP addresses.

The number of target ASNs decreased by 60% from 2020 to 2021, while the number of target countries increased from 23 to 28 over the same period, an increase of 21.74%. The most common type of unit attack last year was TCP confirmations, coming in at 35.5%, followed by UDP fragmentation (15.07%) and SSDP strengthening (11.29%).

DDoS attacks decreased in 2021, still above pre-pandemic levels