DDoS report highlights attack trends including increased sophistication, size, and frequency

Published: Thursday, 13 May 2021 08:05

Corero Network has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the latest trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2020.

The report, now in its 6th year, highlights that DDoS threats are growing in sophistication, size, and frequency. Yet 2020, also reveals changes in attacker behaviour during the pandemic including a year-over-year increase of nearly 400 percent in the use of OpenVPN reflections as an attack vector.

As the report co-author Ashley Stephenson for Corero explains, “OpenVPN as a reflection DDoS vector is bad news for the victim being attacked but, also for the organization whose OpenVPN infrastructure is being used to launch the attack as their remote workers will suffer from a degraded, or possibly unusable, service, impacting productivity and, potentially, business continuity.”

The report also finds a 70 percent growth in DDoS attacks over 10Gbps as high packet rate attacks grew overall during 2020, compared to slight declines in 2019. The report suggests it is due to the increasing shift to 100Gbps Internet connectivity. Frequency of repeat attacks also grew with a 68 percent increase in organizations experiencing a second attack within a week.

Looking towards 2021 and Ashley believes that the data from the report shows that DDoS attacks and threats are not going away anytime soon:

“Once again we are reporting a net increase in the number of unique DDoS attack vectors seen in the wild and in the level of year-over-year DDoS activity,” he said. “The specific example of the mid-year FBI alert regarding the malicious use of built-in network protocols for DDoS attacks demonstrates that development of new vectors is inevitable. Yet our data shows that these exploits were already being used in attacks before the FBI alert and their use continues to grow to this day. Prevention is an impractical strategy, detection and mitigation continue to be the only defense.”

As the trend towards short duration, high intensity attacks using multiple vectors continues, Ashley advises that “…as organizations plan their strategy for effective DDoS protection, the relationship between time-to-mitigation and potential downtime is a vital consideration.  Organizations must consider that the typical time to swing traffic to cloud DDoS protection means the attack is often already over and the damage may be done.”

More details.