DDoS Attacks Grew Larger and More Complex in 2021

Data collected by F5 shows that Distributed Denial-of-Service (DDoS) attacks grew both in size and complexity over the past year.

Although the overall number of DDoS incidents fell slightly compared with the previous year, the intensity and impact of individual attacks rose sharply in 2021.

By the fourth quarter of 2021, the average DDoS attack exceeded 21 Gbps—more than four times the average at the start of 2020.

Last year produced not only a higher average attack size but also multiple record-breaking single events.

“The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger,” said David Warburton, Director of F5 Labs.

“While peak attack sizes remained fairly constant throughout 2020, we saw consistent growth last year. Silverline DDoS Protection handled several incidents that successively became the largest we had encountered by an order of magnitude.”

In February 2021, F5 observed a 500 Gbps attack, setting a new high. That record was eclipsed in November by a 1.4 Tbps attack, over five times larger than the previous year’s top incident.

Volumetric attacks, in which attackers overwhelm network capacity by flooding bandwidth with widely available tools and services, remained the most common type at 59%.

However, volumetric attacks declined slightly as protocol-based and application-layer DDoS attacks rose. Application-layer attacks increased by nearly five percent year-on-year.

Attacks using the TCP protocol accounted for 27% of incidents in 2021, up from 17% the year before. DNS query-based attacks also rose by 3.5% year-on-year.

Some attack vectors fell out of favor: UDP fragmentation attacks dropped by 6.5%, LDAP reflection by 4.6%, and DNS reflection by 3.3%.

“Alongside changes in attack type, we continued to observe a strong prevalence of multivectored attacks, including the 1.4 Tbps incident that combined DNS reflection with high-volume HTTPS GET requests,” Warburton added.

“Early in the year especially, multivectored assaults outnumbered single-vector attacks. This trend underscores the growing difficulty of defending networks: mitigation now requires multiple parallel techniques to protect services and prevent outages.”

The BFSI (Banking, Financial Services, and Insurance) sector was the most targeted industry in 2021, accounting for more than a quarter of all observed DDoS traffic.

Notably, the technology sector—previously the top target in 2020—fell to fourth place behind telecommunications and education.

Together, BFSI, technology, telecoms, and education accounted for 75% of attacks in 2021. Sectors such as energy, retail, healthcare, transportation, and legal experienced relatively few DDoS incidents.

“Even when attacks last only a few minutes, threat actors understand that brief service interruptions can have serious consequences, harming brand reputation and customer trust,” Warburton concluded.
