SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
DDoS attacks become more severe, 'carpet bombing' poses major challenge
Thu, 11th Nov 2021

DDoS attacks are a more serious threat in Q3 2021 than ever before. The flood of attacks is constant and the incidents prove to be bandwidth-intensive and complex, with operators of digital infrastructures particularly targeted.

This is according to new data from Link11's network on the development of the DDoS threat.

According to Link11, after Q2 2021 had already shown an increase of 19% compared to the same period of the previous year, the number of attacks rose by another 17% in Q3.

In addition to the worsening of the threat situation in terms of the number of attacks, the increase in attack bandwidths and the rising complexity in attack techniques are also noticeable.

Link11's Security Operation Centre (LSOC) registered an increasing number of high-volume attacks. In 130 attacks, the maximum attack bandwidth exceeded 50 Gbps.

In addition, the maximum bandwidth more than doubled, by 159%, compared to the same period last year. The largest attack was stopped at 633 Gbps.

Furthermore, the attacks on the same customer added up to 2.5 Tbps within 120 minutes.

While single attack methods are declining, multi-vector attacks are becoming the norm in the DDoS threat landscape, Link11 finds.

The proportion of multi-vector attacks targeting multiple protocols and vulnerabilities, and thus different layers, increased significantly from 62% in Q2 2021 to 78% in Q3 2021, according to the data.

This development poses major challenges to many protection concepts that only focus on one layer or specific attack vectors and pushes them to their limits, the analysts state.

Key figures from the Link11 network on the DDoS threat situation in Q3 2021 include the following:

  • The number of attacks continued to rise, up 17% compared to Q3 2020.
  • The increase in the number of attacks amounted to more than 1,000% if 'carpet bombing' attacks are no longer counted as a whole, but as thousands of individual attacks.
  • The attack bandwidths remained very high, with the largest attack stopped at 633 Gbps. In addition, there were more than 100 attacks with more than 50 Gbps peak bandwidth.
  • The figures also reveal an increasing complexity of attack patterns, with 78% of attacks being multi-vector attacks that combine several techniques.
  • Misused cloud servers were used as DDoS weapons. In every third DDoS attack (33%), the attackers relied on cloud instances.

As mentioned above, 'carpet bombing' attacks are evolving into a major challenge for hosting and cloud providers, ISPs and carriers, Link11 finds.

These attacks are technically complex. The data traffic per IP address is so low that many protection solutions do not recognise them as an anomaly, meaning attacks often fly under the radar.

In addition, the attacker does not direct the DDoS traffic to a specific system or server. Not only one IP address is attacked, but an entire network block with several hundred or thousand addresses. According to LSOC's assessment, this form of attack has reached a new level of quality.
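The detection gap described above can be shown with a short sketch. This is an added example, not code from Link11 or the article: it compares a per-address threshold with an aggregate check per network prefix. The thresholds, the function names and the flow samples are assumptions made up for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Assumed thresholds for one measurement interval (illustrative, not from the article).
PER_IP_BPS = 100_000_000        # classic per-destination alarm: 100 Mbps
PER_PREFIX_BPS = 1_000_000_000  # aggregate alarm per prefix: 1 Gbps
MIN_TARGETS = 64                # distinct destinations that must be hit
MAX_SHARE = 0.10                # no single address may carry more than 10%


def analyse(flows, prefix_len=24):
    """flows: iterable of (dst_ip, bits_per_second) samples from one interval.

    Returns (per_ip_alerts, carpet_prefixes) as sorted lists of strings."""
    per_ip = defaultdict(int)
    for dst, bps in flows:
        per_ip[dst] += bps

    # Roll destinations up into their covering prefix.
    prefixes = defaultdict(list)
    for dst, bps in per_ip.items():
        net = ip_network(f"{dst}/{prefix_len}", strict=False)
        prefixes[net].append(bps)

    per_ip_alerts = sorted(ip for ip, bps in per_ip.items() if bps >= PER_IP_BPS)
    carpet = []
    for net, rates in prefixes.items():
        total = sum(rates)
        spread_out = max(rates) <= MAX_SHARE * total
        if total >= PER_PREFIX_BPS and len(rates) >= MIN_TARGETS and spread_out:
            carpet.append(net)
    return per_ip_alerts, [str(n) for n in sorted(carpet)]


def sample_flows():
    """Constructed sample data using documentation address ranges."""
    flows = [(f"203.0.113.{h}", 8_000_000) for h in range(1, 251)]    # 250 x 8 Mbps
    flows += [("198.51.100.7", 400_000_000)]                          # one hot target
    flows += [(f"198.51.100.{h}", 2_000_000) for h in range(20, 30)]  # background
    flows += [(f"192.0.2.{h}", 5_000_000) for h in range(1, 21)]      # background
    return flows


if __name__ == "__main__":
    alerts, carpet = analyse(sample_flows())
    print("per-IP threshold alerts:", alerts)
    print("carpet-bombing prefixes:", carpet)
```

In the constructed data, the /24 that receives 2 Gbps in total never trips the per-address alarm, because each host sees only 8 Mbps; only the prefix-level aggregation flags it.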

Link11 finds that for an inadequately protected hosting provider whose core business is operating servers, it is almost impossible to mitigate such 'carpet bombing'.

Link11 managing director Marc Wilczek says, "Although carpet bombing attacks seem to primarily target hosting and cloud providers, ISPs and carriers, their potential impact should not be underestimated.

"Attackers are intentionally targeting operators of basic digital infrastructures. When these infrastructures go offline, the connected business and working infrastructures of their customers go offline along with them.

"Therefore, there is no reason to give the all-clear. As the phenomenon becomes more prevalent, it is rather a matter of time before other sectors of the economy are confronted with it as well."