Why attackers are focusing on DDoS attacks

Anthony Webb, VP of International at A10 Networks, illustrates the DDoS threat landscape and lays out the best strategies for preventing and mitigating these attacks.

The COVID-19 pandemic has created significant challenges and changes to the world as we know it. As enterprises quickly moved to remote working also implementing a new hybrid set-up, adversaries have seized the opportunity and we have witnessed significant growth in the number of cyberattacks. In particular, DDoS attacks have grown – not only in size and frequency – but adversaries have also swivelled to focus on low-volume, persistent attacks that run for longer periods of time, frequently injecting attack traffic. These low-volume attacks enable adversaries to evade basic defensive measures, yet they still have significant impact on enterprise systems and operations.

Modern malware is hijacking IoT devices

As the name indicates, DDoS attacks are distributed in nature. A single attack may employ multiple DDoS weapons to overwhelm the victim’s network and defences. Our security research team have been tracking DDoS weapons and their behaviours and reporting on their frequency and impact over the last several years. Our latest H1 2021 DDoS Attack Mitigation: Global State of DDoS Weapons Report provides detailed insights into the origins of DDoS activity, highlighting how easily and quickly modern malware can hijack IoT devices and convert them into malicious botnets. The report also provides some helpful guidance on what organisations can do to protect against such activities and act rather than sit and wait for the inevitable to happen.

What we can see is that with new attacks and new malware variants, we are witnessing new layers of sophistication in how IoT and smart devices are being weaponised. Cybercriminals are recruiting IoT devices into their botnet armies, aided by Mozi malware and spreading this around the world. Here I’ve summarised some of the key findings:

DDoS weapons are steadily growing

The total number of DDoS weapons increased by 2.5 million during H1 2021 this was the same as previous quarters, meaning the number of DDoS weapons has been steadily growing with a total number of 15 million weapons tracked.

SSDP (Simple Service Discovery Protocol) remains the largest reflected amplification weapon with 3.2 million potential weapons exposed to the internet. This is an increase of over 28% compared to the previous reporting period. And while DDoS attackers have been increasingly focused on smaller attacks launched persistently over a longer period, these larger scale attacks might not occur as frequently, but they cause a lot of damage and make significant headlines as a result.

The rest of the amplification weapons remained virtually the same with SNMP, Portmap, TFTP and DNS Resolvers as the top five. It is important to note that all these weapons experienced growth in numbers except for DNS Resolvers.

China leads the way

DDoS attacks are not limited to a specific geographic location and can originate from and attack organisations anywhere in the world. However, what we found in this report is that China (for the second reporting period in a row) continues to lead the way in hosting the highest number of potential DDoS weapons including both amplification weapons and botnet agents. This was closely followed by the US which remains the second largest source of DDoS weaponry, particularly amplification weapons, followed by South Korea.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
GITEX Global 2024 website

GITEX GLOBAL 2024: AI revolution drives strategic tech innovation

GITEX GLOBAL 2024 concluded on Friday, showcasing artificial intelligence (AI) as a transformative force driving business and economic growth
Scroll to Top