The number of distributed denial-of-service attacks accompanied by ransom demand from the perpetrators increased around the end of 2021. About a fifth of Cloudflare’s customers who were victims of a DDoS attack stated they got a ransom note from the culprit in the fourth quarter of last year.
Almost a third of Cloudflare customers reported getting a ransom letter in December 2021, which accounted for a substantial share of these attacks. In a blog post, Cloudflare claims that the number of reported DDoS ransom attacks has doubled compared to the previous month.
As per the company, most of these assaults occurred in 2021, with a 29% year-over-year rise and a 175% quarter-over-quarter increase. Extortion or ransom DDoS (RDDoS) attacks emerged as a new threat in August 2020, and have since become larger and more intricate.
In mid-September, they stretched to over 500Gbps after starting at roughly 200Gbps. In February 2021, Akamai, a provider of internet security services, faced a problem coping with an 800Gbps RDDoS that targeted a European gaming firm. Last September, a threat actor launched an RDDoS attack on VoIP.ms, disrupting phone services by rendering the company’s DNS servers unavailable.
According to Cloudflare, application-layer DDoS attacks, particularly HTTP DDoS attacks, targeted industrial organizations and increased by 641% from the third quarter of 2021. As per the IP addresses, most of these DDoS attacks originate in China, the United States, Brazil, and India, and are perpetrated by botnets like Meris, which made headlines this year with a record-breaking 21.8 million request attack on Russian internet giant Yandex.
Unlike an application-layer DDoS attack, which denies consumers access to a service, a network-layer DDoS attack attempts to knock down a company’s complete network infrastructure, including routers and servers. One of Cloudflare’s most significant DDoS attacks lasted 60 seconds and was launched by a botnet with 15,000 devices that flung about 2Tbps of trash packets at a client.
While this isn’t the greatest DDoS attack ever recorded, Cloudflare claims that “terabit-strong attacks are becoming the norm.” This one came from a network of IoT devices hacked by a Mirai botnet version. According to Cloudflare, SYN floods are still a common attack tactic. Although UDP-based DDoS attacks were the second most popular vector, the SNMP protocol saw a tremendous increase of about 6,000% from one quarter to the next.
“When we look at emerging attack vectors — which helps us understand what new vectors attackers are deploying to launch attacks — we observe a massive spike in SNMP, MSSQL, and generic UDP-based DDoS attacks” – Cloudflare
Companies dealing with short-term DDoS attacks, which are becoming more common, should employ an automatic mitigation solution since it reacts immediately and terminates the attack.