Cloudflare Report Highlights Staggering Increase in DDoS Attacks in Q4 2021

In keeping with its custom of releasing a quarterly trends report on DDoS attacks, Cloudflare has just published its new findings for Q4 2021, which show a 95% increase in L3/4 DDoS attacks and record-breaking levels of Ransom DDoS attacks.

L3/4 DDoS attacks target distributed systems at the network and transport layers, either by increasing the volume of traffic, or the packet rate.

Attacks with high bit rates attempt to cause a denial-of-service event by clogging the Internet link, while attacks with high packet rates attempt to overwhelm the servers, routers, or other in-line hardware appliances.

In both cases the goal is to cause packets to be dropped. Cloudflare registered a few attacks sending over 1Tbps, and almost up to 2Tbps in one case, while most peaked at less than 50,000 packets per second. In addition, most attacks lasted less than one hour, with an inverse correlation between their duration and frequency, meaning that shorter-lived attacks were launched more frequently.

In a large majority of cases, attackers attempted to flood a server by sending many TCP SYN packets, which are used to establish a connection, or by sending many UDP packets. In both cases, the attackers use a spoofed source IP address, which conceals their own address and keeps their own systems from being saturated by the target server's responses.
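The following Python example, added here and not taken from Cloudflare's report, shows how a defender could tell a high-bit-rate attack from a high-packet-rate one and spot a spoofed SYN flood using only packet metadata. The thresholds, the record layout and the sample traffic are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune to link and appliance capacity.
BPS_LIMIT, PPS_LIMIT = 1_000_000, 1_000   # per destination, per second
MIN_SYNS, HALF_OPEN_RATIO = 100, 0.8      # SYN sources never seen sending an ACK

def classify(packets, window=1.0):
    """packets: (ts, src, dst, proto, tcp_flags, size_bytes) tuples.
    Returns {(dst, window_index): set of labels} for suspicious windows."""
    stats = defaultdict(lambda: {"bits": 0, "pkts": 0, "syn": set(), "ack": set()})
    for ts, src, dst, proto, flags, size in packets:
        s = stats[(dst, int(ts // window))]
        s["bits"] += size * 8
        s["pkts"] += 1
        if proto == "tcp" and flags == "S":
            s["syn"].add(src)
        elif proto == "tcp" and flags == "A":
            s["ack"].add(src)
    findings = {}
    for key, s in stats.items():
        labels = set()
        if s["bits"] / window > BPS_LIMIT:
            labels.add("high-bit-rate")      # saturates the link
        if s["pkts"] / window > PPS_LIMIT:
            labels.add("high-packet-rate")   # exhausts servers and in-line devices
        # Spoofed SYNs never complete the handshake: the SYN-ACK goes elsewhere.
        half_open = s["syn"] - s["ack"]
        if len(s["syn"]) >= MIN_SYNS and len(half_open) / len(s["syn"]) >= HALF_OPEN_RATIO:
            labels.add("syn-flood")
        if labels:
            findings[key] = labels
    return findings

def sample_traffic():
    """Constructed one-second capture for three destinations (made-up addresses)."""
    pkts = []
    for i in range(2000):   # .10: small SYNs from 2,000 distinct sources, no ACKs
        pkts.append((i / 2000, f"10.{i // 256}.{i % 256}.1", "198.51.100.10", "tcp", "S", 60))
    for i in range(200):    # .20: few but large UDP datagrams
        pkts.append((i / 200, "203.0.113.5", "198.51.100.20", "udp", "", 1400))
    for i in range(150):    # .30: ordinary clients that finish the handshake
        pkts.append((i / 150, f"192.0.2.{i}", "198.51.100.30", "tcp", "S", 60))
        pkts.append((i / 150 + 0.001, f"192.0.2.{i}", "198.51.100.30", "tcp", "A", 60))
    return pkts

if __name__ == "__main__":
    for (dst, win), labels in sorted(classify(sample_traffic()).items()):
        print(dst, win, sorted(labels))
```

The half-open check keys on source address within a single window, so a handshake that straddles a window boundary is counted as incomplete; a production detector would track connections across windows.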

When we look at emerging attack vectors — which helps us understand what new vectors attackers are deploying to launch attacks — we observe a massive spike in SNMP, MSSQL, and generic UDP-based DDoS attacks.

Going up the OSI scale, many DDoS attacks in Q4 targeted the application layer, and specifically HTTP servers, with the manufacturing, business services, and gaming/gambling industries in the US, Canada, and Germany being the most affected.

In Q4, DDoS attacks on Manufacturing companies increased by 641% QoQ, and DDoS attacks on the Business Services industry increased by 97%.

One specific kind of DDoS attack analyzed by Cloudflare is the ransom DDoS attack, which aims to make the targeted organization pay a ransom to stop the attack. These kinds of attacks increased by 29% YoY and 175% QoQ, says Cloudflare, with over 20% of Cloudflare customers responding to a survey reporting they received a ransom letter at some point in Q4.

The Cloudflare report is rich in detail and statistics, including distribution over individual months, comparisons across quarters, analysis by originating countries, and more. Make sure you do not miss it if you want the full picture.

