The first half of 2021 saw massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure worldwide and a vulnerability in Kaseya's IT management software that was exploited to target schools, the public sector, travel organizations and credit unions. Meanwhile, the second half of the year saw the rise of a new botnet called Meris, record-breaking HTTP DDoS attacks and network-layer attacks observed over the Cloudflare network.
When it came to ransom DDoS attacks, they increased by 29 percent year over year and by 175 percent quarter over quarter. In fact, in December alone, one out of every three respondents surveyed by Cloudflare reported being targeted by a ransom DDoS attack or threatened by an attacker.
At the same time, Q4 was the busiest quarter for attackers launching network-layer DDoS attacks with more attacks observed this quarter than in Q1 and Q2 of 2021 separately. While most of these attacks were small, Cloudflare was able to automatically mitigate dozens of attacks peaking at over 1 Tbps with the largest one peaking at just under 2 Tbps. There was also a persistent ransom DDoS campaign against VoIP providers around the world during Q4.
Application-layer DDoS attacks
Application-layer DDoS attacks, specifically HTTP DDoS attacks, are attacks that usually aim to disrupt a web server by making it unable to process legitimate user requests.
During 2021, the manufacturing, business services and gaming/gambling industries were the most targeted by application-layer DDoS attacks with attacks on manufacturing companies increasing by 641 percent quarter on quarter during Q4.
When it came to where these attacks are originating from, for the fourth quarter in a row, China remains the country with the highest percentage of DDoS attacks coming from within its borders followed by the US, Brazil and India. The US was the most targeted country by application-layer DDoS attacks followed by Canada, Germany, France and Ukraine.
As cybercriminals and other threat actors increasingly use DDoS attacks to hold businesses for ransom and to target critical infrastructure, organizations should ensure they have adequate DDoS protection to fortify both their websites and online services.