DDoS attacks are becoming more prolific and more powerful, warn cybersecurity researchers

A report warns about a rise in DDoS attacks as cyber criminals get more creative with ways to make campaigns more disruptive.
Written by Danny Palmer, Senior Writer

There's been a rise in distributed denial of service (DDoS) attacks in recent months in what cybersecurity researchers say is a record-breaking number of incidents. 

According to a report by cybersecurity researchers at Netscout, there were 5.4 million recorded DDoS attacks during the first half of 2021 – a figure that represents an 11% rise compared with the same period last year. 

DDoS attack is a crude but effective form of cyberattack that sees attackers flood the network or servers of the victim with a wave of internet traffic that's so large that the infrastructure is overwhemed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all.  

Often, the machines being used to launch DDoS attacks – which can be anything that connects to the internet and so can range from servers and computers to Internet of Things products – are controlled by attackers as part of a botnet. The real owners of the devices are unlikely to know that their device has been hijacked in this way.  

SEE: Cybersecurity: Let's get tactical (ZDNet special feature) 

In some cases, DDoS attacks are simply designed to cause disruption with those behind the attacks just launching them because they can. However, in other instances there's also an extortion element at play, with attackers threatening to launch a DDoS attack against a victim if they don't give into a demand for payment. 

But it isn't just the rise in DDoS attacks that makes them disruptive; cyber criminals are adapting new techniques to evolve their attacks in order to help them bypass cloud-based and on-premise defences. 

"The tooling behind these attacks has matured over the years," Hardik Modi, Netscout area vice president of engineering, threat and mitigation products, told ZDNet.  

For example, cyber criminals are increasingly leveraging multi-vector DDoS attacks that amplify attacks by using many different avenues to direct traffic towards the victim, meaning that if traffic from one angle is disrupted or shut down, the others will continue to flood the network of the target. In many cases, the attackers will specifically tailor these to exploit vulnerabilities of the target. 

Researchers note that multi-vector attacks are getting more diverse (a vector is essentially a method or technique that is used in the attack like DNS reflection or TCP SYN floods). In 2020, the largest one of these attacks used 26 vectors. During the first half of 2021, there have been a number of attacks using between 27 and 31 different vectors, plus an attacker can switch between them to make the attack harder to disrupt. 

SEE: Four months on from a sophisticated cyberattack, Alaska's health department is still recovering

DDoS attacks have become more effective during the past year due to the added reliance on online services. Disruption to services that people are relying on in both their professional and personal lives has the potential to have a significant impact.  

However, in the majority of cases it's possible to defend against DDoS attacks by implementing the industry's best current practices to maintain availability of services in the face of an incident. These practices include setting specific network access policies as well as regularly testing DDoS defences to confirm they can protect the network from attacks. 


Editorial standards