DDoS attacks in 2021

guest · Jul 28, 2021

DDoS attacks in Q2 2021
July 28, 2021
https://securelist.com/ddos-attacks-in-q2-2021/103424/

In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. The actual DDoS functionality of Simps is not original: the code overlaps with the Mirai and Gafgyt botnets.
Quarter trends
As expected, Q2 2021 was calm. We recorded a slight fall in the total number of DDoS attacks compared to the previous quarter, which is typical for this period and seen every year, barring the anomalous 2020. This drop we traditionally associate with the start of the vacation period. It tends to continue through Q3, and we expect no change this year.
Click to expand...

Conclusion
The DDoS market continues to stabilize after last year’s shakeup. As expected, Q2 2021 demonstrated the traditional summer lull. That said, we did see some abnormally long attacks, as well as shifts in the DDoS geography. The number of attacks in China, which long topped the ranking, continued to decline, at the same time as DDoS activity in Poland and Brazil increased markedly. Other than that, it was a pretty ordinary second quarter.
Click to expand...

Aaron Cook · Aug 2, 2021

Given the volume of DDoS attacks the market has seen in recent years, you would think organizaitons are investing more in volume metric DDoS mitigation paltforms. How have hacker groups evolved their attack methodology to continue infilitrating organizaitons on a daily basis? Are mulitvector attacks on the rise?

guest · Nov 5, 2021

Cloudflare report highlights devastating DDoS attacks on VoIP services and several 'record-setting HTTP attacks'
November 5, 2021
https://www.zdnet.com/article/cloud...ices-and-several-record-setting-http-attacks/

Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services.

Cloudflare researchers said they saw the several "record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris)," noting the emergence of ransom DDoS attacks on voice over IP (VoIP) service providers. The attack on Bandwidth.com left dozens of companies scrambling to deal with outages.
Click to expand...

The US topped the list for the second quarter in a row of countries with the most targeted companies. But Cloudflare noted that companies in the UK and Canada also shot up the list.
Computer software, gaming, gambling, IT and Internet companies saw an average increase in attacks of 573% compared to the previous quarter.

Cloudflare data showed that most DDoS attacks originated from devices and servers in China, the US and India, but the number of attacks from China decreased 30% throughout the quarter.
Click to expand...

Cybercriminals typically use SYN floods as their method of attack but there was a 3,549% QoQ increase in attacks over DTLS.

"Being alerted to a possible DDoS attack and identifying what is impacted allows security teams to take a proactive approach instead of reacting to downed services. Businesses should use edge-based, volumetric L4 DDoS protections complementing L7 DDoS protections close to internet facing applications."
Click to expand...

Cloudflare: DDoS Attack Trends for Q3 2021

The third quarter of 2021 was a busy quarter for DDoS attackers. Cloudflare observed and mitigated record-setting HTTP DDoS attacks, terabit-strong network-layer attacks, one of the largest botnets ever deployed (Meris), and more recently, ransom DDoS attacks on voice over IP (VoIP) service providers and their network infrastructure around the world.

Here’s a summary of the trends observed in Q3 ‘21: [...]
Click to expand...

guest · Nov 8, 2021

Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated
November 8, 2021
https://www.darkreading.com/attacks...ks-in-q3-grow-by-24-become-more-sophisticated

Kaspersky today publishes its Distributed Denial of Service (DDoS) Q3 2021 report, which found when compared to Q3 2020, the total number of DDoS attacks increased by nearly 24%, while the total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year. Some of the most notable targets were tools to fight the pandemic, government organizations, game developers, and well-known cybersecurity publications.

DDoS attacks are aimed at overwhelming a network server with requests for services so that the server crashes, denying users access.
So-called “smart” DDoS attacks go one step further. These attacks are more sophisticated, often targeted, and can be used not just to disrupt services, but also to make certain resources inaccessible or steal money. Both types of attacks were on the rise in Q3 2021.
Click to expand...

Both types of attacks increased when compared to Q2 2021, with the largest percentage of resources attacked (40.8%) located in the US, followed by Hong Kong and mainland China. In fact, in August, Kaspersky noted a record number of DDoS attacks in a single day: 8,825.
Some of the most notable, large-scale DDoS attacks over the past quarter involved a new, powerful botnet called Mēris, which is capable of sending out a massive number of requests per second.
Click to expand...

Kaspersky: DDoS attacks in Q3 2021

Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources.

A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the UDP protocol, since it does not require connection establishment procedures and allows IP spoofing. In contrast, the TCP protocol implements a three-way handshake in which the client and the server establish a connection and confirm they are ready to exchange traffic. If the victim receives a response from the server to a request they did not send, they simply discard this response.
Click to expand...

Quarter trends
Q3 was certainly interesting and certainly not calm: contrary to our expectations, we observed growth uncharacteristic for this period.

Now, judging by the growing DDoS market against the backdrop of consistently high cryptocurrency prices, attackers have started to allocate their resources differently. And this is quite logical: DDoS services are in demand, and the prolonged supply shortage has likely led to an increase in prices in this market, making it profitable for botnet operators to resume attacks.
Click to expand...

Conclusion
Q3 proved unexpectedly fast-paced for DDoS attacks: our records show several thousand attacks per day on some days. Yet the duration of attacks — both average and maximum — reduced from Q2, meaning that we saw very many shorter attacks during the period.

There is no reason to hope this year’s fourth quarter will be any different. Even though bitcoin has again reached its all-time maximum this October — likely to trigger yet another redistribution of capacity towards mining —we expect the number of attacks to grow and would be quite surprised to see it hover at the same level as in Q3 or lower
Click to expand...

guest · Nov 10, 2021

Telnyx is the latest VoIP provider hit with DDoS attacks
November 10, 2021
https://www.bleepingcomputer.com/ne...e-latest-voip-provider-hit-with-ddos-attacks/

Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday.

Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions.
Click to expand...

Starting November 9th at approximately 11 PM EST, Telnyx was targeted with a DDoS attack causing all telephony services to fail or be delayed.

"Telnyx is currently experiencing a DDoS attack. Until we reach a resolution, you may be experiencing failed calls, API and portal latency/time outs, and/or delayed or failed messages," reported the Telnyx status page.
After the DDoS attacks continued, Telnyx began migrating their services to Cloudflare's Magic Transit service, which provides DDoS protection for service providers.
Click to expand...

VoIP providers under siege by DDoS attacks
This attack follows September DDoS attacks on VoIP.ms and Bandwidth that effectively took down the service provider's services for days.

When VoIP.ms suffered their week-long DDoS attack, they received a ransom demand by threat actors impersonating the ransomware group 'REvil.'
Bandwidth remained silent about the cause of their outage for days but, eventually, admitted to suffering a DDoS attack.
Click to expand...

guest · Nov 11, 2021

DDoS attacks were a more serious threat in Q3 2021 than ever before
November 11, 2021
https://www.helpnetsecurity.com/2021/11/11/ddos-attacks-q3-2021/

Link11 has released new data from its network on the development of the DDoS threat: The number of attacks remains at a very high level in Q3 2021. After Q2 2021 had already shown an increase of 19% compared to the same period of the previous year, the number of attacks rose by another 17% in Q3.
Attack volume and complexity of attack patterns are on the rise
In addition to the worsening of the threat situation in terms of the number of attacks, the increase in attack bandwidths and the rising complexity in attack techniques are also noticeable. Link11’s Security Operation Centre (LSOC) registered an increasing number of high-volume attacks. In 130 attacks, the maximum attack bandwidth exceeded 50 Gbps.

While single attack methods are declining, multi-vector attacks are becoming the norm in the DDoS threat landscape. The proportion of multi-vector attacks targeting multiple protocols and vulnerabilities, and thus different layers, increased significantly from 62% in Q2 2021 to 78% in Q3 2021.
Click to expand...

Key figures from the Link11 network on the DDoS threat situation in Q3 2021

The number of attacks continued to increase: 17% increase in the number of attacks compared to Q3 2020.

The increase in the number of attacks even amounted to over 1,000 %, if the carpet bombing attacks explained below are no longer counted as a whole, but as thousands of individual attacks.

The attack bandwidths remained very high: the largest attack was stopped at 633 Gbps. In addition, there were over 100 attacks with more than 50 Gbps peak bandwidth.

Increasing complexity of attack patterns: 78% of attacks were multi-vector attacks combining several techniques.

Misused cloud servers as DDoS weapons: In every third DDoS attack (33 %), the attackers relied on cloud instances.

Click to expand...

Link11: DDoS attacks in Q3 2021: IT infrastructure providers targeted

DDoS attacks are a more serious threat in Q3 2021 than ever before. The flood of attacks is constant, and the incidents prove to be bandwidth-intensive and complex. The operators of digital infrastructures were particularly targeted.

Link11, Europe’s leading IT security provider in cyber resilience, has released new data from its network on the development of the DDoS threat: The number of attacks remains at a very high level in Q3 2021. After Q2 2021 had already shown an increase of 19% compared to the same period of the previous year, the number of attacks rose by another 17% in Q3.
Click to expand...

guest · Nov 17, 2021

DDoS Attacks Surge 35% in Q3 as VoIP is Targeted
November 17, 2021
https://www.infosecurity-magazine.com/news/ddos-attacks-surge-35-in-q3-as/

Security experts have warned of a surge in distributed denial of service (DDoS) attacks in the third quarter, with quantity, size and complexity all increasing in the period.

The findings come from Lumen’s Q3 DDoS Report, which revealed that the firm mitigated 35% more attacks in the quarter than Q2 2021.
The vendor claimed that the largest bandwidth attack it tackled during the period was 612 Gbps — a 49% increase over Q2. The largest packet rate-based attack scrubbed was 252 Mbps — a 91% increase.
Click to expand...

Lumen said the longest attack on a customer lasted two weeks, highlighting the potentially crippling impact DDoS can have on an organization. Among the 500 largest attacks, the most frequently attacked verticals were telecoms and software/technology, followed by retail.

For the first time, 28% of multi-vector mitigations involved a complex combination of four different attack types — DNS amplification, TCP RST, TCP SYN-ACK amplification and UDP amplification, the vendor claimed.
Click to expand...

Lumen director of information security and threat intelligence, Mark Dehus, revealed that attacks are also being aimed at new services such as voice.

“We want businesses to join the fight to protect themselves,” he said. “First, have a solid strategy in place to address all potential security issues. Second, work with an established DDoS mitigation partner — particularly one that can track DDoS botnets and find new sources before they launch an attack.”
Click to expand...

guest · Jan 10, 2022

Extortion DDoS attacks grow stronger and more common
January 10, 2022

The end of 2021 saw a rise in the number of distributed denial-of-service incidents that came with a ransom demand from the attackers to stop the assault.

In the fourth quarter of last year, about a quarter of Cloudflare's customers that were the target of a DDoS attack said that they received a ransom note from the perpetrator.
Click to expand...

According to the company, 2021 is when most of these attacks happened, with a 29% recorded year-over-year increase and a 175% quarter-over-quarter jump.

They started around 200Gbps and then flexed to more than 500Gbps in mid-September. In February 2021, internet security services company Akamai saw its share of a challenge dealing with an 800Gbps RDDoS that targeted a gambling company in Europe.
Last September, a threat actor deployed an RDDoS against VoIP.ms voice-over-Internet provider, disrupting phone services as the company’s DNS servers became unreachable.
Click to expand...

Terabit-large attacks
Cloudflare says that application-layer DDoS attacks, HTTP DDoS ones in particular, targeted manufacturing companies and saw a spike of 641% compared to the third quarter of 2021.

One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.
Cloudflare notes that SYN floods remain a popular attack method. The SNMP protocol has seen a dramatic spike of almost 6,000% from one quarter to another, although UDP-based DDoS attacks were the second most used vector.
Click to expand...

Cloudflare: DDoS Attack Trends for Q4 2021

The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few.

The second half of the year recorded a growing swarm of one of the most powerful botnets deployed (Meris) and record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network.
Here are some DDoS attack trends and highlights from 2021 and Q4 ‘21 specifically: [...]
Click to expand...

Log in or Sign up

DDoS attacks in 2021

guest Guest

Aaron Cook Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

DDoS attacks in 2021

guest Guest

Aaron Cook Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches