Distributed denial of service (DDoS) attacks have been a significant feature of the cyber threat landscape over the past two decades. As the 2021 Imperva 2021 Global DDoS Threat Landscape Report shows, attacks are constantly evolving in size, volume, frequency and complexity. What doesn’t change is the attackers’ focus on critical infrastructure. Not only is the number of DDoS attacks per month increasing – attacks have increased four-fold – but volume and packets are also on the rise since 2020, at 2X and 3X respectively.
While we were compiling this report, Imperva mitigated its largest DDoS attack to date, with a throughput of 1.02 terabits per second (Tbps) and 155 million packets per second (Mpps). Previously, Imperva had stopped attacks in which highs were 646 gigabits per second (Gbps) and 936 Gbps in August and September 2020, respectively. Although those attacks took place outside the scope of this report (the first half of 2021), they serve to underline a clear trend towards shorter, higher volume attacks, where the average attack duration is just six minutes.
Coupled with a rise in the use of Transmission Control Protocol (TCP), it’s clear that attackers understand that organisations with low or no defenses are easy targets. For those without always-on defenses in place, shorter attacks allow attackers to create maximum disruption before mitigation can kick in. When attackers take this “rinse and repeat” approach, it’s harder for organizations to mitigate and manage attacks.
As far as targeted industries are concerned, the focus of the attackers in 2021 are the Computing and IT, Corporate Business and Financial Services sectors.
Finally, it’s notable that, in the first half of 2021 (H1 2021), every day was a good day for DDoS attackers: attack volumes were consistently high every day of the week.