The volume of blocked DDoS attacks in the second quarter increased by more than 40% compared to the same period in 2020, according to a report from Radware. The report provides an overview of DDoS attack trends by industry, as well as across applications and attack types.
- On average, a company had to detect and block nearly 5,000 malicious events and a volume of 2.3 TB per month in the second quarter of 2021.
- In the second quarter of 2021, the average number of malicious events blocked per company increased by more than 30% and the average blocked volume per company increased by more than 40% compared to the second quarter of 2020.
- In the first half of 2021, a company based in the Americas or Europe, the Middle East and Africa (EMEA) had to block twice as much volume on average as a company based in Asia Pacific (APAC). The Americas and EMEA accounted for around 80% of the volume of attacks blocked over the same period.
“While major ransomware attacks are making the headlines, there are other cyber threats businesses need to watch out for,” said Pascal Geenens, director of threat intelligence at Radware.
“From an increase in DDoS extortion campaigns and DDoS hit-and-run attacks to a hacktivist group targeting financial companies in the Middle East, the second quarter saw a worrying amount of cyber activity compared to activity in the same quarter last year. The results of this report should be a powerful reminder to companies that no company is protected from being a target.”
Technology is at the forefront of the most attacked industries
According to the report, technology was the most attacked industry in the quarter, with an average of nearly 3,000 attacks per company, followed by healthcare (2,000 attacks per company) and finance (1,350 attacks per company). The number of attacks in retail, communications and telecommunications averaged between 600 and 1,000 per company.
Gaming averaged more than 400 attacks per company, while government and utilities were targeted by an average of around 280 attacks. In terms of blocked volume, retail had the highest volumes in the second quarter, followed by gaming, telecommunications and technology, which blocked the second, third, and fourth highest volumes, respectively.
Aggressive burst attacks against technology and financial companies
The report also revealed notable burst attacks in the second quarter of 2021, targeted at companies in the finance and technology sectors. These hit-and-run DDoS attacks use repeated short bursts of high-volume traffic and were particularly aggressive in terms of their amplitude (attack size) and frequency (number of bursts per unit of time).
One attack showed multiple consistent 80 Gbps bursts that lasted two to three minutes and repeated every four minutes. This resulted in 12 attack bursts of 80 Gbps within a 45-minute time frame.
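An added example, not taken from the Radware report: one way a defender could measure the amplitude and frequency of a burst attack like the one described above from a per-minute throughput series. The function names, the 20 Gbps threshold and the sample series are assumptions constructed for illustration.

```python
from statistics import median

def find_bursts(gbps, threshold):
    """Return (start, end) index pairs, end exclusive, of runs at or above threshold."""
    bursts, start = [], None
    for i, rate in enumerate(gbps):
        if rate >= threshold and start is None:
            start = i
        elif rate < threshold and start is not None:
            bursts.append((start, i))
            start = None
    if start is not None:  # series ended while a burst was still running
        bursts.append((start, len(gbps)))
    return bursts

def characterize(gbps, threshold, sample_minutes=1.0):
    """Summarize amplitude and frequency of the bursts in a throughput series."""
    bursts = find_bursts(gbps, threshold)
    if not bursts:
        return None
    starts = [s for s, _ in bursts]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return {
        "count": len(bursts),
        "peak_gbps": max(max(gbps[s:e]) for s, e in bursts),
        "median_duration_min": median(e - s for s, e in bursts) * sample_minutes,
        # Start-to-start spacing; None when only one burst was seen.
        "median_period_min": median(gaps) * sample_minutes if gaps else None,
        # Near-identical spacing points to a scheduled, repeating pattern
        # rather than unrelated spikes.
        "periodic": bool(gaps) and max(gaps) - min(gaps) <= 1,
    }

# Constructed sample: one reading per minute, 2 Gbps baseline, 80 Gbps bursts
# lasting 2 minutes and starting every 4 minutes (12 bursts in total).
BASELINE_GBPS, PEAK_GBPS = 2.0, 80.0
SAMPLE = [PEAK_GBPS if m % 4 < 2 else BASELINE_GBPS for m in range(46)]
THRESHOLD_GBPS = 20.0  # assumed alert level, ten times the constructed baseline

if __name__ == "__main__":
    print(characterize(SAMPLE, THRESHOLD_GBPS))
```

Mitigation that only engages after several minutes of sustained traffic can miss most of each burst, which is why the duration and period figures matter alongside the peak rate.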
Ransom denial of service campaigns are returning
In the second quarter there was another DDoS extortion campaign by an actor posing as Fancy Lazarus. By the end of May, Radware had numerous emergency onboardings of its cloud security services from organizations that received these ransom notes.
Ransom Denial of Service (RDoS) attacks, in which the victim receives a letter demanding that they pay a ransom or become the target of a DDoS attack, have been an integral part of the DDoS threat landscape since August 2020.
Malicious scanners exploit vulnerabilities
In the second quarter of 2021, companies blocked an average of almost 2,000 scan events from unsolicited vulnerability scanners. According to the attack report, 40% of these scans were performed by potentially malicious scanners that were actively exploiting known vulnerabilities and attempting to attack a company.
Vulnerability scanners are automated tools that organizations can use to determine whether their networks and applications have any security vulnerabilities that could expose them to attack.
“Organizations are challenged by well-organized threat actors,” Geenens said. “The window between the disclosure and the use of weapons for new vulnerabilities is becoming very narrow. In some cases, we observed less than 24 hours between a vendor’s release of a patch and malicious activity attempting to exploit the vulnerability.”