Global DDoS Threat Report 2021
In the post-EPIDEMIC era, enterprises have increased demand for digital tools and consumers have shifted their living and consumption habits online, ushering in sustained and rapid growth of the Internet industry.At the same time, DDoS attacks are difficult to trace to the source, the cost of blackmail is low, and the industrial chain is mature.In addition to the increasing number of DDoS attacks, the industry’s largest DDoS attack traffic was pushed to 2.54 terabytes over the past year.Recently, Green Alliance technology and Tencent Security released the global DDoS Threat Report 2021 (hereinafter referred to as the Report), based on the statistical analysis of the data monitored in 2021, a comprehensive review of the development trend of global DDoS attacks in 2021.The report points out that the number of peak DDoS attacks and large traffic attacks continues to increase, and the attack methods and industry distribution are diversified. The attack methods have higher requirements on the performance and sensitivity of protection systems than in the past, and flexible response has become the key to DDoS attack and defense.Since the peak of DDoS attacks in 2016 entered the ERA of Tb attacks, Tb attacks have been more than 5 years, over 100 GIGABytes of large traffic attacks continue to grow, DDoS attacks for extortion purposes are emerging in endlessly, it has become the preferred method of extortion by criminal gangs, a serious threat to enterprise security.The report found that the threat of DDoS attacks was greater in the second half of 2021 than in the first half, with hacking attacks also peaking in the second half of the year.On the one hand, with the wide application of the new generation of information technologies such as the Internet of Things, 5G network and cloud computing, a large number of IoT devices or IDC services have been reduced to failure due to the timely repair of vulnerabilities.On the other hand, the increased regulation makes a large number of mining machine-based enterprises migrate overseas, and the black mining industry using broilers is also greatly impacted. A large number of broilers backflow from the mining field into DDoS attack black mining industry.Hackers’ attack resources have increased significantly, leading to a higher peak of DDoS attacks in the second half of 2021, with several attacks breaking terabytes in July alone.In addition to increasing the number and peak of heavy traffic attacks, the methods of heavy traffic attacks initiated by hackers have also changed.According to the report, a significant proportion of over 100 GIGABytes of high-traffic DDoS attacks in 2021 were launched by means other than SYN packets or UDP reflections.This means that the attack methods of large traffic attack with more than 100 GIGABytes are obviously diversified.The diversification trend also shows the distribution of overseas and domestic attack industries.The two attack hot industries are highly overlapped, and the game industry ranks the first.In addition, cloud computing, live video and other industries accounted for more.From the perspective of black production, 80% of DDoS attacks in 2021 lasted less than 5 minutes, and high-frequency instantaneous attacks accounted for a high proportion.The gangs mainly rely on expanding the scale of botnets to improve their DDoS attack capability, and use the time difference attack to sneak in, which is impossible to defend against.In addition to the rapid increase of attack traffic, rapid disappearance and intensive pulse attack will make enterprise security operation and maintenance personnel unable to bear the disturbance, under the help of botnet, the rise of sweep attacks in recent years to enterprise security can not be underestimated.When a sweep attack occurs, the attacked IP address changes rapidly. The duration of the attack on some IP addresses may only be a few seconds, but the traffic can rapidly increase to hundreds of GIGABytes.At the same time, if the detection system and defense system have a large delay and do not respond in a timely manner, attack detection may be missed and defense transparent transmission may occur.In the long run, high-frequency transient attacks can seriously affect the service quality of the target, effectively control the attack cost, exhaust the energy of DDoS defense service personnel, and bring greater challenges to enterprise security.At present, the integration of the digital economy and the real economy is accelerating, and the security challenges brought by DDoS attacks are gradually increasing.The continuous improvement of magnitude and intensity, and the continuous emergence of new attack methods make the current network security situation more serious.In this context, enterprises need to implement regular defense for high-risk services, improve the sensitivity and precision of DDoS attack detection and response, and implement intelligent scheduling of defense monitoring systems to ensure enterprise service security with friendly defense experience.Based on the anti-ddos equipment favored by the international market, and with the support of domestic and international threat intelligence, LvMENG Technology created the international cloud cleaning service.At present, Green Alliance technology has 8 cleaning centers around the world, covering Asia Pacific, North America, Latin America, Europe and other hot business areas.Through Anycast technology, Luomeng Technology international cloud cleaning service can realize the global node joint near-source cleaning, with T-level cleaning capacity, can provide customers with unlimited protection services;At the same time, through the global backbone network of LvMENG Technology, the nearest source can be realized for customers, and network delay and stability performance can be optimized.It can also provide multilingual 7/24 service, which can provide management services and attack incident emergency response services for customers with higher requirements on business security.