Link11, Europe’s leading IT security provider in cyber resilience, has published its annual Link11 DDoS Report for the first half of the year. The report shows that DDoS criminals were once again very active between January and June 2021, launching a record-breaking number of attacks.
The Link11 Security Operations Center (LSOC) recorded a third (33%) more attacks than in the same period of 2020, which was itself a DDoS record year. Attacks were already at a high level in 2020, and once again increased significantly in 2021, continuing unabated. Within the half-year, the number and power of DDoS attacks have once again increased noticeably. For example, LSOC registered 19% more attacks in Q2 than in the previous quarter. But this quarter was already characterized by a large number of attacks on vaccination centers and e-schooling platforms, among others.
The report also shows that numerous attacks exceeded 100 Gbps in attack volume. Their number increased compared to the first half of 2020: from 30 to 40 attacks. In addition, there were hundreds of attacks with bandwidth peaks between 20 and 100 Gbps. Whether attackers employ hijacked cloud accounts or botnets, these attack bandwidths are becoming the norm. Many of these high-volume attacks dragged on for hours. Usually, high-bandwidth attacks end after a few minutes to conserve the attackers’ resources. In the first half of the year, the largest attack peaked at 555 Gbps and exceeded the maximum attack bandwidth of the same period last year by almost 38%.
The devices and servers that attackers abused for DDoS attacks were distributed globally. In the first half of the year, most malicious DDoS traffic came from the USA. The second most frequent attacks could be traced to Germany. DDoS traffic from Russia and China, which accounted for most traffic in previous years, decreased significantly.
Of note is the rising incidence of DDoS extortions. Since the beginning of 2021, several of these waves (RDDoS – Ransom Distributed Denial of Service) have targeted financial, e-commerce, media and logistics, industrial, consumer goods, telecommunications, and hosting provider/ISP companies. The peaks of ransomware activity were in January and June, which required a large number of emergency integrations of DDoS protection solutions. The perpetrators recently posed as the “Fancy Lazarus Group.” The actions of the perpetrator(s) were largely identical to the criminal activities of DDoS extortionists operating under the names Armada Collective, Fancy Bear, and Lazarus Group since the summer of 2020.
There’s no end in sight to the current wave of Ransom DDoS attacks, LSOC warns. Rather, companies must prepare for cyber-extortion with DDoS attacks to become a permanent part of the threat landscape and to be increasingly combined with other attack techniques – particularly ransomware.
Marc Wilczek, managing director of Link11, said, “In the first half of the year, we registered an incredibly high number of DDoS attacks and extortions. For inadequately protected companies, this often posed a major challenge, as we noticed from the high number of emergency deployments. Even tools and systems already in place were regularly pushed to their limits, and some companies didn’t realize this until the emergency hit. However, once the acute threat has been overcome, such an incident offers those responsible for security the opportunity to rethink their own strategies and close the gaps in their own IT security systems. After all, prevention is better than emergency management.”
The entire report is available for download on the Link11 website.