A recent Comcast Business report reveals that 2021 got 9.84 million Distributed Denial of Service (DDoS) attacks reported, which rose by 14% from 2019, though a bit lower than the preceding year with 10.1 million attacks.
The minor drop in attacks was a result of a number of factors. 2020 was a notably terrible year since it was a total lockdown year. People were doing work remotely and learners were studying at home. Attackers had a one-of-a-kind scenario that permitted the launch of an unmatched number of DDoS attacks. The high rates of cryptocurrencies in 2021 suggested that a lot of threat actors rerouted their botnets from executing DDoS attacks to mining cryptocurrencies.
In 2021, 73% of DDoS attacks were executed on just 4 groups – government, education, healthcare, and finance. Hackers observed seasonal developments and activities throughout the year, with education being attacked in line with the school year, while COVID-19 and vaccine accessibility prompted DDoS attacks on the healthcare field.
Multi-vector attacks went up by 47% in 2021. Comcast Business DDoS Mitigation Services protected users against 24,845 multi-vector attacks aimed at layers 3, 4, & 7 (Network, Transport & Application) at the same time. 69% of Comcast Business customers were affected by DDoS attacks in 2021, growing by 41% from 2020, and 55% of Comcast Business customers suffered multi-vector attacks directed at layers, 3, 4, & 7 concurrently. There was likewise a significant increase in the number of vectors employed in multi-vector attacks, growing from 5 in 2020 to as much as 15 in 2021, with the amplification practices in the attacks escalating from 3 to 9.
DDoS attacks bring traffic to victims’ sites to make them useless, and though attacks are typically executed only for that purpose, it is usual for DDoS attacks to be performed to distract companies and utilize resources whilst the attackers take part in other nefarious things. There’s a solid link between DDoS attacks and information breaches. As per a Neustar survey, more or less half of businesses (47%) that experienced a DDoS attack identified a virus in their networks right after the attack, 44% mentioned malware was initialized, 33% reported a system breach, 32% documented client data theft, 15% encountered a ransomware attack, and 11% were impacted by financial theft.
The most critical attack that occurred in 2021 was a 242 Gbps DDoS attack, which is enough to cover even high bandwidth Ethernet Dedicated Internet (EDI) circuits in minutes. The scope of attacks has grown and a pattern has been known to be where threat actors perform low-volume attacks to keep under the radar of IT teams and bring about damage on a number of levels. This approach can weaken website functionality, yet the attacks are usually not seen by IT groups, who merely learn they were targeted when they begin getting complaints from consumers.
DDoS attacks are inexpensive to conduct, pricing merely a few bucks, while for a couple of hundred dollars considerable attacks may be done that can cripple companies. DDoS attacks could be very pricey for organizations. The attacks could stop businesses from communicating with their clients and meeting SLAs, and the attacks may bring about disastrous financial and reputational problems. In a number of scenarios, the damage is quite serious that companies were compelled to permanently shut down. For organizations that count on availability, each minute of downtime can bring about losses even as much as millions of dollars.