During the second half of 2021, COVID-19 restrictions eased and citizens began returning to their physical offices and classrooms. This gradual return to pre-pandemic life coincided with a decline in the number of distributed denial-of-service (DDoS) attacks, both in the UK and at a global level. As detailed in NETSCOUT’s 2H 2021 DDoS Threat Intelligence Report, the global number of DDoS attacks decreased from 5.4 million during the first half of 2021, to 4.4 million in the second half of the year. What’s more, DDoS attack frequency fell by 46 per cent in the UK during the second half of 2021.
Nevertheless, the number of DDoS attacks which took place during this timeframe remained high compared to pre-pandemic levels. Adversaries launched more than 9.7 million DDoS attacks globally in 2021, just 3 per cent shy of the record-breaking 10 million seen in 2020 and 14 per cent more than seen pre-pandemic in 2019.
A new focus by cybercriminals was ushered in, with adversaries launching more direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. Evidence of this can be seen in the UK, with TCP-based attacks accounting for four of the top five attack vector types to hit the UK. This increase in TCP-based attacks came at the expense of DNS amplification attacks. However, despite this, DNS amplification attacks remained the top attack vector used in the UK during the last six months of 2021, showing that this continued to be a popular attack method, in spite of a drop in the number of these attacks launched.
Richard Hummel, ASERT Threat Intelligence Lead for NETSCOUT, has made the following comments about DDoS attacks in the UK:
“While it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that cybercriminals are constantly innovating and utilising new attack techniques to strengthen and monetise their nefarious behaviour.
“The second half of the year saw attackers continuing to add to their tactical playbook with the establishment of high-powered botnet armies in the UK, in addition to a rebalancing of the scales between DNS amplification and direct-path attacks. This led to the creation of new standard operating procedures for attackers and the addition of new tactics, techniques, and procedures to their arsenals.
“Although the number of DDoS attacks which took place both globally and in the UK fell during the second half of 2021, this still represents an increase in attack activity compared to pre-pandemic levels. Therefore, it is vital for all organisations to remain vigilant in the event that they’re the target of a DDoS attack.
“For example, it is imperative for organisations to invest in a robust and effective DDoS protection system to successfully mitigate DDoS threats, which will prevent attacks from causing significant damages. What’s more, businesses should also consider enlisting an on-demand DDoS attack specialist to help navigate through the unfamiliar and constantly evolving cybersecurity landscape. Organisations must also periodically test their protection systems so as to identify changes in attack methodology.
“By carefully following current best practices and implementing effective DDoS mitigation measures, organisations in the UK can successfully protect their digital assets from DDoS attacks and truly take charge of their cybersecurity to prolong their business continuity.”