In the eye of the storm – the number of DDoS attacks is decreasing; at the same time, they are becoming more dangerous
For more than two years, the Corona pandemic has influenced social life and the economy. In many areas of life, it has accelerated the digital transformation. The cyber threats associated with advancing digitalization are among the most serious consequences for business, industry and the public sector. Even though, according to a German Bitkom survey published in June, digitization has lost pace since the start of the war in Ukraine, the threat in cyberspace continues to intensify.
Despite this threat, the Link11 Security Operations Center recorded a temporary decrease in DDoS attacks on the Link11 network for the first time. In the first half of 2022, the total decreased by more than three quarters (80%) compared to the same period last year in the record DDoS year of 2021. “In the past two years, several major DDoS extortion waves have been one of the strongest drivers of criminal DDoS activity,” commented Marc Wilczek, Managing Director at Link11, on the decrease. “Even though attack numbers increased significantly again in July, we have observed significantly fewer ransomware DDoS attacks so far. In addition, the world’s largest darknet marketplace was shut down in the spring, draining one of the gathering points of criminal energy,” Wilczek adds.
While there are fewer attacks, they are more dangerous. That’s because, as LSOC has observed in recent years, it’s not just the DNA of attacks that is continually changing. Instead of attacking companies indiscriminately in the hope of success, companies are being explicitly targeted with sophisticated DDoS attacks. In addition, the attacks recorded during the period under review are significantly shorter, more intense, and more sophisticated.
For the first time, DDoS attacks recorded on the Link11 network were analysed regarding how many seconds must pass after the first bytes are transmitted before traffic reaches its maximum value. In the first half of 2022, a critical payload was reached, on average, just 55 seconds after the DDoS attack began. In comparison, attacks in 2021 peaked only after an average of 184 seconds. “These turbo attacks are red hot. They peak very quickly instead of rising continuously. Such DDoS attacks can cripple network systems even before defences can take full effect,” Wilczek explains.
The trend toward high-bandwidth DDoS attacks also continues unabated. Average maximum attack bandwidths have continued to increase year on year from 266 Gbps in the first half of 2021 to 325 Gbps in the first half of 2022. The largest DDoS attack recorded on the Link11 network was stopped at 574 Gbps.
The correlation between duration and intensity of DDoS attacks also shows: Attacks are shorter and, at the same time, more intense. The more concentrated, targeted, and sophisticated attacks are the more precision and speed are required to detect and stop them. Thus, time is becoming an increasingly essential factor in dealing with DDoS attacks.
The full report is available for download on Link11’s website.
About Link11
Link11 is the leading European IT security providers in the field of protecting web services and infrastructures against cyber-attacks. Headquartered in Germany, Link11 maintains global locations, including in Europe, North America, and Asia. The company’s cloud-based IT security services help customers avoid business disruptions and strengthen the cyber-resilience of their business networks and critical applications.
Link11’s product portfolio includes a wide range of security services, such as web and infrastructure DDoS protection, Bot Management, Zero-Touch WAF, and Secure CDN Services. According to unanimous analyst opinion (Frost & Sullivan, Gartner a. o.), Link11 offers unique high-performance mitigation across all layers and for all attack vectors, including unknown ones, within seconds. The technological basis for this is Link11’s patented DDoS protection, which relies on machine learning and consistent automation. The company’s global multi-terabit network, which currently has 43 PoPs (Points of Presence), interconnects the DDoS filter clusters and is monitored 24/7 by the Link11 Security Operations Center.
The German Federal Office for Information Security (BSI) recognizes Link11 as a qualified DDoS protection provider for critical infrastructures. With ISO certification 27001, the company also offers high-level data security processes. Since founded in 2005, Link11 has received multiple awards for its innovative solutions and business growth.