Radware notes dramatic increase in blocking DDoS attacks in 2021
Radware’s third quarter DDoS and Applications report noted a massive increase in the number of blocked DDoS attacks, particularly against the communications, healthcare and tech industries.
Radware’s Threat Intelligence Director Pascal Geenens says in the first nine months of 2021 there have been more blocked attacks than there were in all of 2020.
Geenens explains: “During the third quarter, DDoS records for large-scale volumetric attacks were broken on three continents. At the same time, the phantom floods or micro-attacks that typically fly under the radar have increased. The reality is that organizations need more granular detection. and layered defenses to protect against more stealthy and complex DDoS attacks. “
The report notes that Radware’s DDoS mitigation system blocked 75% more attacks in 2021, however, DDoS attacks fell slightly below previous quarters this year.
The sectors most attacked in the third quarter were technology (on average 2,638 attacks per company), healthcare (1,785 attacks per company), communications (1,525 attacks per company) and finance (1,337 attacks per company) .
The report also analyzes the number of blocked web security events, including 2.1 million per company per quarter. According to Radware, this represents an average of 700,000 blocked events each month for a single company.
Radware also states that these attacks include predictable resource location attacks, SQL injection, code injection, and cross-site scripting. These results are aligned with similar results in the OWASP Foundation’s Top 10 2021 list.
“Network analysis and attack activity has been marked by opportunistic and haphazard analysis which forms a large part of the vulnerability and exploitation threat landscape,” notes Geenens.
“Malicious actors continually exploit old and recently disclosed vulnerabilities, such as remote command execution and command injection exploits, which are easy to integrate into existing malware and operating tools. Along with the evolution of cloud resources and services, there is no longer a hiding place on the Internet. Every corner of the internet is listed in convenient IoT search engines. “
Web security events primarily targeted banking and finance, which accounted for almost 23% of blocked web security events, followed by government (16%), tech (15%), and retail and wholesale ( 12%).
Results at a glance:
- In the first ninth months of 2021, 75% more DDoS events were blocked compared to the same period in 2020
- The banking / financial sector received the most application layer attacks in Q3 2021
- Hadoop was the most exploited service in Q3 and topped the rankings for analytics and unsolicited attacks
- Default Account Takeover and Account Abuse still accounts for the bulk of Q3 activity with SSH, VNC, and RDP topping the most scanned and exploited TCP port charts.
- Lower numbers of DDoS attacks and attack volumes may indicate a shift in tactics from volumetric flooding to application-level attacks.