Akamai has recently reported three large-scale DDoS attacks. These attacks count among the six biggest volumetric DDoS attacks the company has ever recorded. Two of these attacks were the largest ransom DDoS attacks and the most recent one peaked at 800Gbps. It targeted a gambling firm in Europe and was one of the most complex attacks ever.
What has happened?
According to Akamai, DDoS campaigns in 2021 have become more persistent and more targeted. In recent attacks on two specific organizations, multiple campaigns lasted for several days and targeted a range of IP addresses.
In just three months, the security firm recorded more attacks larger than 50Gbps than it observed in all of 2019.
In one attack, the attackers targeted nearly a dozen IPs and switched between multiple DDoS attack vectors to increase disruption of back-end environments.
The attackers behind this attack used a new DDoS attack vector that leverages a networking protocol known as the Datagram Congestion Control Protocol (DCCP), or protocol 33.
Using DCCP for DDoS can produce a volumetric attack that bypasses defense mechanisms set up for TCP and UDP traffic flows.
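A defender can check for this blind spot by measuring traffic per IP protocol number instead of only per TCP/UDP port. The following is an added example, not code from Akamai's report: it tallies bytes by the protocol field of IPv4 headers and reports protocols outside an expected baseline. The header builder, the sample traffic mix, the `EXPECTED` set and the 5% threshold are all assumptions constructed for illustration.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 33: "DCCP"}
EXPECTED = {1, 6, 17}  # assumption: protocols this hypothetical edge normally carries


def ipv4_header(proto, total_len, src="198.51.100.7", dst="203.0.113.10"):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the sample."""
    def addr(a):
        return bytes(int(octet) for octet in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                       proto, 0, addr(src), addr(dst))


def bytes_by_protocol(headers):
    """Sum the IPv4 Total Length field per IP protocol number (header byte 9)."""
    totals = Counter()
    for h in headers:
        if len(h) < 20 or h[0] >> 4 != 4:
            continue  # truncated capture or not IPv4: skip rather than misparse
        totals[h[9]] += struct.unpack("!H", h[2:4])[0]
    return totals


def unexpected_protocols(totals, threshold=0.05):
    """Return {protocol name: byte share} for protocols outside EXPECTED
    that carry at least `threshold` of all observed bytes."""
    all_bytes = sum(totals.values())
    if not all_bytes:
        return {}
    return {
        PROTO_NAMES.get(p, f"proto-{p}"): round(n / all_bytes, 3)
        for p, n in totals.items()
        if p not in EXPECTED and n / all_bytes >= threshold
    }


# Constructed sample: normal TCP/UDP traffic plus a flood of protocol 33 packets.
SAMPLE = ([ipv4_header(6, 1500)] * 20 + [ipv4_header(17, 512)] * 10
          + [ipv4_header(33, 1400)] * 60)

if __name__ == "__main__":
    print(unexpected_protocols(bytes_by_protocol(SAMPLE)))
```

A monitor that only counts TCP and UDP flows would report 35,120 bytes for this sample and miss the 84,000 bytes carried as DCCP.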
DDoS attack insights from other reports
Radware, an anti-DDoS organization, observed a new wave of extortion attacks from late 2020 to the first week of January. The organizations threatened with DDoS attacks in August and September received a ransom demand of 10 bitcoins to stop the strike.
The attackers started to show that they were not making empty threats by sending ransom notes an hour after.
Most of the victims faced relentless DDoS attacks for nine hours that peaked at 237Gbps.
In addition, another report from Securelist suggests that China, the U.S. and Hong Kong were the top countries facing DDoS attacks.
These trends and observations make it certain that, as last year, organizations should expect to face more frequent and more powerful DDoS attacks this year too. Organizations are therefore advised to evaluate available solutions to defend their assets, opt for a reliable DDoS mitigation service, and consider all possible mitigation strategies and requirements.