Radware® announced results from its Q1 DDoS Attack Report, a new quarterly report series, which provides an overview of attack activity experienced by a sample of Radware’s customers during the first quarter of the calendar year 2021.
The report analyzes DDoS attack activity by industries, attack vectors, DDoS attacks on applications and on-premise vs. cloud. The 18-page report includes pertinent charts throughout.
Among the major findings, the report noted that while the number of attacks held steady (down 2% from Q4 2020), attack volume increased by 31%.
The largest recorded attack in Q1 of 2021 was 295Gbps, up from 260Gbps in Q4 of 2020. In fact, the occurrence of major attacks of 10Gbps or more tripled in Q1 2021 vs. December 2020.
In addition, while DDoS attacks have traditionally impacted public assets, damaging an organization’s reputation through public exposure, healthcare is different. Those back-end infrastructure attacks are occurring more frequently during weekday business hours, with little activity over weekends or holiday periods, impacting day-to-day operations such as the connectivity to cloud-based applications by employees or the remote access for those still working from home. [Page 13]
Pascal Geenens, Director of Threat Intelligence for Radware, noted: “The first half of Q1 was characterized by large attacks on finance and a continuation of the 2020 ransom DDoS campaign. By the end of 2020, the extortionists started circling back to earlier victims who did not pay ransom in earlier attempts, reusing their attack research and increasing the pace of their campaign to benefit from the surging Bitcoin value.”
Several global organizations had branches/remote offices impacted during this period, with actors leveraging new tactics to impact the productivity of organizations by targeting internet connectivity and remote access.
To overcome the pandemic, organizations began relying on remote operations, teleworking and remote access infrastructure. As a result, DDoS actors found new opportunities and began targeting the backend of the communication infrastructure of organizations. With limited bandwidth, attackers can achieve more impact and disrupt a branch or an organization's operations. Interrupting or affe