We’re only three months into 2021, and Akamai has mitigated 3 out of the 6 largest DDoS attacks they have ever witnessed.
Two of these hit the same company on the same day, and the attackers’ goal was to extort money from the target.
“Growing” DDoS attacks
Hoping for a major Bitcoin payout, DDoS attackers continue to raise the bar when it comes to attack size, frequency, and target diversification.
“In 2021 alone, we’ve already seen more attacks over 50 Gbps (as of 03/24/2021) than we saw in all of 2019. Keep in mind attacks of this scale can take almost anyone offline,” Akamai researchers pointed out.
They are also trying out new DDoS attack vectors. Just last week the company’s SIRT clocked an attack that leveraged the Datagram Congestion Control Protocol (DCCP), in an attempt to bypass defenses focused on traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic flows.
“This attack is akin to a SYN flood in DCCP, but in this case is volumetric in nature,” the researchers explained.
In the observed DCCP DDoS attacks, 100% of the traffic consisted of DCCP-Request packets, but the researchers noted that they will likely see additional abuse of this protocol in the future, as the DCCP-Request is just one of multiple packet formats within the protocol that could be abused.
“So long as attackers properly configure IP headers in the packet, they’ll successfully route attack traffic to intended victims and fly under the radar of TCP/UDP-centric defense strategies and technologies,” they added.
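To illustrate why TCP/UDP-centric monitoring misses this traffic, here is an added detection sketch (not from Akamai or the original article) that classifies raw IPv4 packets by protocol number and, for DCCP, reads the packet type from the generic header defined in RFC 4340. The function names, addresses, and sample packets are constructed for the example.

```python
import struct
from collections import Counter

IPPROTO_DCCP = 33  # IANA protocol number for DCCP (TCP is 6, UDP is 17)
DCCP_TYPES = {0: "Request", 1: "Response", 2: "Data", 3: "Ack", 4: "DataAck",
              5: "CloseReq", 6: "Close", 7: "Reset", 8: "Sync", 9: "SyncAck"}

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet: 'tcp', 'udp', 'dccp-<Type>' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    if proto == 6:
        return "tcp"
    if proto == 17:
        return "udp"
    if proto != IPPROTO_DCCP or ihl < 20 or len(packet) < ihl + 12:
        return "other"                    # 12 bytes = shortest DCCP generic header
    # Byte 8 of the DCCP header: Res (3 bits) | Type (4 bits) | X (1 bit)
    dccp_type = (packet[ihl + 8] >> 1) & 0x0F
    return "dccp-" + DCCP_TYPES.get(dccp_type, "Reserved")

def dccp_request_share(packets) -> float:
    """Fraction of the sampled packets that are DCCP-Request."""
    counts = Counter(classify(p) for p in packets)
    total = sum(counts.values())
    return counts["dccp-Request"] / total if total else 0.0

def build_sample(proto: int, dccp_type: int = 0) -> bytes:
    """Constructed test packet: 20-byte IPv4 header plus a 16-byte payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    # DCCP generic header with X=1: ports, data offset, CCVal/CsCov, checksum,
    # type byte, reserved byte, 48-bit sequence number (checksum left at zero)
    payload = struct.pack("!HHBBHBB6s", 40000, 443, 4, 0, 0,
                          (dccp_type << 1) | 1, 0, b"\x00" * 6)
    return ip + payload
```

A monitor that only breaks traffic down into TCP and UDP would report these packets as "other" at best; tracking the DCCP-Request share per destination makes a flood of this kind visible.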
DDoS campaigns are more targeted and persistent
DDoS attackers have been diversifying their efforts across geographies and industries.
Four years ago, most targets were gaming companies. Today retailers, telecoms, ISPs, gaming companies, firms in the financial industry, and education organizations bear the brunt of the majority of DDoS attacks.
As noted before, some targets are repeatedly slammed by attackers probing for weaknesses and trying out different attack vector combinations. Some of the biggest attacks targeted a European organization in the gambling industry and an Asian organization in the video games industry.
According to a recent report, DDoS attackers began ramping up their extortion efforts in the second half of 2020, posing as prolific threat groups (Fancy Bear, Cozy Bear, Armada Collective, and Lazarus Group) to target operators of critical infrastructure and providers of financial services, eCommerce, and hosting services, and asking for ransoms ranging from five to 15 Bitcoins.