Never before has the risk of a distributed denial-of-service (DDoS) attack been higher. In 2020, we saw record-breaking attacks, a DDoS extortion campaign impacting thousands of organizations globally, more emergency customer turnups, and more Akamai customers attacked than in any year on record — and we’ve been successfully fighting DDoS attacks since 2003! We also saw a big increase in attacks targeting verticals that haven’t seen as much activity of late, with 7 of the 11 industries we track seeing peak attack counts in 2020.
What was driving this second renaissance of DDoS activity? Our opinion is that DDoS risk profiles changed rapidly with the onset of COVID-19, making DDoS more attractive to would-be attackers. This change in risk profiles, combined with toolset improvements that lowered the bar to entry for high-volume and complex DDoS attacks, created a perfect storm for the biggest year in DDoS since 2016. Politically driven DDoS attacks haven’t gone away, but they have been eclipsed by other motivations.
IT ALL STARTED WHEN…
We entered the new year with sizable DDoS attack activity — a steady number of large attacks but nothing earth-shattering or highly unusual. Then the number of very large attacks (think over 100 Gbps) started to increase dramatically, with the timing of the surge (not surprisingly) mapping to the beginning of the COVID-19 epidemic in Europe and the United States, when the reliance on online activity and connectivity became more pressing. Customers and prospects shifted to focus on protecting VPNs and communications endpoints more than “generic” data centers, as their risk profiles and postures rapidly evolved. Looking back, as businesses across all industries needed to adapt to remote work and the increasing reliance on internet connectivity, it’s clear that more and more types of organizations would be attractive and lucrative targets for DDoS attacks.
Then, only a few months later, Akamai saw threat actors launch record-breaking 1.44 Tbps and 809 Mpps attacks against a large European bank and an internet hosting customer, both considered higher-risk targets for DDoS activity because of their respective verticals. The massive Tbps attack was also highly complex, featuring nine different attack vectors and multiple botnet attack tools, and it required a mix of automatic and human mitigation techniques to block successfully.