In a carpet bombing, a DDoS attack targets different IPs of any company in a short span of time, these account for 44% of total attacks that happened last year, but the difference between the first and second half of 2021 is huge. Carpet bombing accounted for 34% of total attacks resolved in Q1 and Q2, however, the attacks increased in the second half accounting for 60% attacks and 56% attacks in Q3 and Q4 respectively. The longest attack recorded 9 days, 22 hours, and 42 minutes, however, these were over within minutes. Around 40% of the attacks were observed by SOC in 2021 in the first quarter of 2021.
The figures dropped in second and third quarters while rising again in the fourth quarter. "The domain name system (DNS) has long been a popular target for DDoS attacks, both as an amplification vector and as a direct target, as well as for other types of exploits," reports Helpnet Security.
Attacks varied in nature compared to the past few years. Single attack vectors account for 54% of attacks in 2021, in comparison to 5% in 2020, representing more activity of attackers. Also, the number of attacks using more than four-vectors also increased, accounting for a record 4% of total attacks, this means when an attacker gets serious, it gets difficult for victims to protect themselves.
Botnets continue to be the main part in DDoS attacks in 2021, security experts are discovering new botnets and command and control (C2) servers every day. The high-profile botnet in 2021 was Meris, it uses HTTP pipelines to stuff web applications, bombarding websites and apps with large numbers of requests per second. The SOC also observed high-intensity amplification km DDoS attacks, which use familiar vectors like DNS and Remote Desktop Protocol (RDP) and new variants as well.
The report covers how web apps are vulnerable from different fronts, threats against web services have risen with the increase in usage of web applications, making web apps the top hacking vector in the attacks. "While the vast majority of attacks fell into the 25 gigabits per second (Gbps) and undersize category, and the average attack was just 4.9 Gbps last year, 2021 saw many large-scale attacks as well. The largest measured 1.3 terabits per second (Tbps) and the most intense was 369 million packets per second (Mpps)," reports Helpnet Security.