Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions and recommendations based on DDoS attacks against Corero customers during 2021.
The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size and frequency. Yet 2021 also reveals changes in attacker behavior since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.
As the report co-author and Corero CTO, Ashley Stephenson, said: “OpenVPN as a reflection DDoS vector isn’t just bad news for the victim being attacked, it is also a risk for the organization whose OpenVPN infrastructure is being used to launch the attack as their own users will become collateral damage, suffering from a degraded or unusable service that impacts Business Continuity.”
The report also finds 97% of DDoS attacks were under 10Gbps, as low packet rate attacks continued to grow during 2021. It suggests this may be the result of attackers sending packets to a victim at lower rates to avoid easy detection.
Stephenson added: “Combined with the 82% share of short duration DDoS attacks, the intention is that these stealthier transient attacks will appear as legitimate traffic, bypassing simple security measures and succeeding in choking access to important downstream services or connections.”
Frequency of repeat attacks also grew with a 29% increase in organizations who experienced a second attack within a week.
The report also provides constructive recommendations regarding DDoS protection. “With the 82% increase in shorter duration DDoS attacks there is a growing requirement to detect-and-block in real time, rather than relying on time-consuming and expensive traffic redirection to cloud solutions,” said Stephenson.
“The advantage here is that most of these attacks can be addressed by on-premises solutions, avoiding the disruption, risk and cost of re-routing customer traffic across the Internet to third party scrubbing centers.”