Shifts in threat landscape amid cybercrime rise

Neustar Security Services, a provider of cloud-oriented security services that enable global businesses to thrive online, has released its 2021 year-in-review “Cyber Threats & Trends Report: Defending Against A New Cybercrime Economy,” which details the ongoing rise in cyberattacks fielded by the company’s Security Operations Center (SOC) in 2021.

In 2021, the company’s SOC saw an unprecedented number of “carpet bombing” distributed denial of service (DDoS) attacks. Carpet bombing, in which a DDoS attack targets multiple IP addresses of an organisation within a very short time, accounted for 44% of total attacks last year, but the disparity between the first and second half of 2021 was stark. While carpet bombing represented just over a third (34%) of total attacks mitigated by Neustar Security Services’ SOC in both Q1 and Q2, these attacks saw a big jump in the second half – representing 60% of all attacks in Q3, and 56% in Q4.

While the vast majority of attacks fell into the 25 gigabits per second (Gbps) and under size category, and the average attack was just 4.9 Gbps last year, 2021 saw many large-scale attacks as well. The largest measured 1.3 terabits per second (Tbps) and the most intense was 369 million packets per second (Mpps). The longest-lasting attack clocked in at 9 days, 22 hours and 42 minutes although the majority of attacks were over in minutes. Nearly 40% of the unique attacks seen by the SOC in 2021 took place in the first three months of the year. The number dropped significantly in the second and third quarters before rebounding in the fourth quarter.

A mix of new vectors and old favourites

Attacks varied more widely in complexity than what has been observed in the past few years. Single vector attacks represented 54% of attacks in 2021 compared to 5% in 2020, showing an economy of effort from many attackers. At the same time, the number of highly complex attacks using four or more vectors increased, reaching a record 4% of total attacks, so when an attacker gets serious, they can make it much more difficult on defenders.

Botnets continued to play a key role in DDoS attacks in 2021, with security professionals uncovering new botnets and command and control (C2) servers every day. One of the year’s highest-profile new botnets was Meris, which uses HTTP pipelining to overwhelm web applications by bombarding websites and applications with massive numbers of requests per second. The SOC also saw a high level of reflection/amplification DDoS attacks, using both familiar vectors such as DNS and Remote Desktop Protocol (RDP) and a variety of new ones as well.

The report also details how web applications are under assault on a number of different fronts. Attacks against web services have risen in tandem with increased adoption of web applications, and web apps are by far the top hacking vector in breaches.

Ubiquitous DNS attacks

The domain name system (DNS) has long been a popular target for DDoS attacks, both as an amplification vector and as a direct target, as well as for other types of exploits. Common threats to DNS include attacks that deliver a bad answer to DNS queries (DNS hijacking, for example), attacks that prevent the DNS from answering queries (flood attacks or reflection/amplification attacks) and attacks that use DNS as a transport mechanism to convey information through firewalls (DNS tunneling). These attacks can be difficult to defend against without the appropriate technology and expertise, and rectifying problems can be time-consuming and costly.

According to a September 2021 Neustar International Security Council report, 72% of organisations surveyed had experienced at least one DNS attack in the previous 12 months, and the impact was significant in 58% of cases. The most common types of DNS attacks were DNS hijacking (experienced by 47% of organisations in the past 12 months), followed closely by DNS flood, reflection/amplification or other type of DDoS attack (46%), DNS tunneling (35%) and cache poisoning (33%).

To read more exclusive features and latest news please see our Q4 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Image provided by SentinelOne

SentinelOne to Spotlight AI-Power at GISEC 2025

SentinelOne announces its participation at GISEC Global 2025 (6-8 May) at the Dubai World Trade Centre. The company will highlight..
Two young intercultural programmers trying to solve problem with access to data while interacting in front of computers

DDoS attacks targeting critical infrastructure

NETSCOUT released its 2H2024 DDoS Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS)…
Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
BeyondTrust

Into the Cloud – Morey J. Haber, BeyondTrust

The January edition of International Security Buyer featured Morey J Haber, Chief Security Advisor for BeyondTrust in our Into the Cloud…
Riham Security website

Growing Intersec Saudi Arabia

Intersec Saudi Arabia’s Event Director, Riham Sedik, discusses the event’s future growth and government partnerships

Neustar Security Services introduces UltraPlatform

Neustar Security Services, a provider of cloud-based security services that enable businesses to thrive online, is launching UltraPlatform.
Neustar

New DNS detection from Neustar

Neustar Security Services, a provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR…
maritime

Addressing the shortcomings of maritime cyber security

The maritime industry plays a vital role in the global economy, with shipping responsible for as much as 90% of trade worldwide…

Security and fire 2023 trends

In 2023 all industries will face several challenges: sustainability, cost increases, and how to better manage energy & resources.
istorage

Zero trust, maximum caution

John Michael, CEO, iStorage considers the dangerous new ‘golden age’ of ransomware, ways businesses can neutralise..
Scroll to Top