Distributed denial-of-service (DDoS) attacks have been a staple of adversary toolkits longer than perhaps any other attack technique. Yet it's popularity among cybercriminals shows no signs of abating.
In fact, 2020 witnessed what some vendors are describing as a renaissance of the venerable attack technique. Amid major changes fostered by a global pandemic, cybercriminals deployed more DDoS attacks against more organizations in more industries than any time before. DDoS attacks became larger in volume, and the number of attacks exceeding 50 Gbps increased sharply as well.
Organizations targeted in DDoS attacks not only had to contend with volumetrically larger campaigns, but also attacks that combined multiple vectors at the same time — and in some cases lasted longer than ever before. One example is an attack that Akamai encountered last year, which topped 1.4 Tbps and 809 million packets per second.
The attacks, targeted at a large European bank and an Internet hosting company, combined as many as nine different attack vectors, including ACK Flood, NTP Flood, SYN Flood, UDP Flood, and SSDP Flood. Akamai says 65% of the DDoS attacked it mitigated in 2020 involved multiple vectors — one involved 14.
One of the most troubling trends for organizations that vendors reported observing was an increase in so-called ransom DDoS attacks (RDDoS), where adversaries tried extorting money from organizations by threatening them with massive DDoS attacks. Multiple vendors, including Akamai, Cloudflare, and Neustar, reported an uptick in these attacks starting around mid-2020.
"DDoS attacks are a more prevalent threat than ever," says Michael Kaczmarek, vice president of product management at Neustar, which Thursday marked renaissance attacks
