Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai.
The recently observed assaults haven’t reached the magnitude of the largest DDoS attacks the company has mitigated to date, which peaked at 1.35 Tbps in 2018 and at 1.44 Tbps in 2020, but three of them are among the six biggest volumetric DDoS attacks Akamai has ever encountered.
Akamai says the increased number of bigger volumetric DDoS attacks is, in fact, the new norm. Since the beginning of the year, the company has already observed more attacks peaking at over 50 Gbps than during all of 2019.
The largest of these were 800+ Gbps assaults: one at 824 Gbps, the other at 812 Gbps, both during the same day, February 24. Akamai also observed a 594 Gbps attack on March 5.
These three attacks targeted a European organization in the gambling industry and an Asian video game company. Two of them are among the largest known DDoS extortion attacks to date, Akamai notes.
“The most recent extortion attack — peaking at more than 800 Gbps and targeting a European gambling company — was the biggest and most complex we’ve seen since the widespread return of extortion attacks that kicked off in mid-August 2020,” the company reveals.
Furthermore, Akamai has noticed that DDoS attackers are expanding their reach across geographies and industries, with the number of targeted entities now being 57% higher than last year.
Unsurprisingly, threat actors are looking for new means to bypass defenses and cripple their target’s resources, including through the use of new attack vectors, such as the recently observed Datagram Congestion Control Protocol (DCCP), or protocol 33.
Attacks leveraging this vector are similar to SYN floods in DCCP, but are volumetric in nature, and are meant to bypass defenses that focus on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic.
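For defenders, the practical check is whether monitoring accounts for IP protocol 33 at all. The following Python sketch is an added example, not code from Akamai or the original article: it tallies traffic by IP protocol number and counts DCCP-Request packets (type 0 in RFC 4340, the connection-opening packet) per destination. The packets, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

PROTO_NAMES = {6: "tcp", 17: "udp", 33: "dccp"}  # IANA IP protocol numbers
DCCP_REQUEST = 0  # DCCP packet type 0 (RFC 4340): opens a connection

def ipv4_packet(proto, payload, src="192.0.2.1", dst="198.51.100.7"):
    """Build a constructed IPv4 packet (checksum left at 0; sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload),
                         0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload

def dccp_header(ptype, sport=40000, dport=443):
    """Constructed 16-byte DCCP generic header only (a real Request also
    carries a service code). Byte 8 is laid out as Res(3) | Type(4) | X(1)."""
    return struct.pack("!HHBBHBBHI", sport, dport, 4, 0, 0, (ptype << 1) | 1, 0, 0, 1)

def summarize(packets):
    """Count packets per IP protocol and DCCP-Request packets per destination."""
    per_proto, dccp_requests = Counter(), Counter()
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # not a parsable IPv4 packet
        ihl = (pkt[0] & 0x0F) * 4       # IPv4 header length in bytes
        proto = pkt[9]                  # IPv4 "protocol" field
        per_proto[PROTO_NAMES.get(proto, f"proto-{proto}")] += 1
        l4 = pkt[ihl:]
        if proto == 33 and len(l4) >= 9 and (l4[8] >> 1) & 0x0F == DCCP_REQUEST:
            dccp_requests[".".join(str(b) for b in pkt[16:20])] += 1
    return per_proto, dccp_requests

def unseen_by_tcp_udp_rules(per_proto):
    """Share of packets that rules keyed only on TCP/UDP never evaluate."""
    total = sum(per_proto.values())
    missed = total - per_proto["tcp"] - per_proto["udp"]
    return missed / total if total else 0.0

# Constructed sample: 3 TCP, 2 UDP, 15 DCCP-Request packets to one destination.
SAMPLE = ([ipv4_packet(6, b"\x00" * 20)] * 3 + [ipv4_packet(17, b"\x00" * 8)] * 2 +
          [ipv4_packet(33, dccp_header(DCCP_REQUEST))] * 15)

if __name__ == "__main__":
    counts, requests = summarize(SAMPLE)
    print(dict(counts), dict(requests), unseen_by_tcp_udp_rules(counts))
```

On a network with no legitimate DCCP services, any sustained protocol 33 volume is itself a signal, and the per-destination Request count shows which addresses are being hit.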
Overall, the 2021 DDoS campaigns are more targeted and more persistent, Akamai says. Several of these attacks have been targeted at the IP addresses of two specific customers and lasted several days, attempting to exploit any weaknesses in their defenses.
“In one attack, the threat actors targeted nearly a dozen IPs and rotated through multiple DDoS attack vectors trying to increase the likelihood of disrupting the back-end environments. In fact, 65% of DDoS attacks launched against customers were multi-vector,” Akamai says.
This year, an overall increase in the number of DDoS attacks is expected to be accompanied by a spike in large DDoS attacks (at more than 50 Gbps), with more organizations in more industries likely being targeted.