DDoS Attacks Report for Q1 2021 by StormWall

StormWall analyzed the statistics of DDoS attacks conducted against its customers in Q1 2021.

StormWall, an international provider of solutions for protection against DDoS attacks, presents an analysis of the statistics of attacks recorded in Q1 2021. The statistics reflect the detected attempts of DDoS attacks against StormWall customers from different countries of the world, representing various industries and sectors of the economy.

General situation 

As our analysis showed, the intensity of DDoS attacks, in general, continues to grow. In Q1 2021, we recorded 25.4% more attacks on our customers than in the fourth quarter of 2020. The leaders in the number of attacks were e-commerce, construction, entertainment, and telecommunications, as well as the financial sector.

We attribute the increase in the number of attacks primarily to the falling cost of conducting attacks and the steadily falling cost of creating botnets, which in general makes DDoS attacks increasingly popular among all kinds of attackers and unscrupulous competitors.

For comparison, the number of attacks in Q1 2021 increased by almost 40.9% compared to Q1 2020.

Statistics and dynamics of DDoS attacks by industry 

In Q1 2021, the largest share of attacks (42.7%) occurred in the entertainment sector. Compared to Q4 2020, the number of attacks increased by 28%, while their share increased by 2%. At the same time, the growth of the share of such attacks for the same periods of 2019-2020 was 7%. The slowdown can be explained by the easing of quarantine measures in several countries and regions: the main users of entertainment resources began to spend less time on them, switching to business and entertainment in an offline format. Nevertheless, the sector remains the most attacked, since hackers can cause large losses in a very short time and quickly get money through blackmail.

The second-largest share was made up of attacks on telecom: the number of attacks on this sector increased by 51.2% compared to Q4 2020, and their share increased to 35.3%. (It should be noted that more than 40% of the clients we consider to be in the telecom sector are hosting service providers and cloud services.) This strong growth is due to the sharp increase in the importance of telecommunications for business, government, and society: in the era of the pandemic, data networks have become the main channel of interaction for communication, training, shopping, commercial transactions, etc. The attackers could not help but notice this and therefore intensified DDoS attacks on the telecom sector with the aim of extortion and blackmail. In addition, the increase in demand for high-quality telecommunications caused an increase in competition, and DDoS attacks became one of the tools in the hands of unscrupulous market players.

Third place was taken by the e-commerce sector, which accounted for 9% of the total number of all DDoS attacks in Q1 2021. The number of attacks here increased by 19.1% compared to the previous quarter. The continued increase in the number of attacks is obviously due to the shift of consumer purchases to online stores and online platforms, which was the result of the ongoing mass quarantine measures in several countries and regions, as well as consumer habits that have changed during the quarantine. The attackers could not help but react to the growing popularity of e-commerce companies. Interestingly, online stores of finishing materials and furniture were most often attacked, which can be explained, on the one hand, by an increase in demand for these goods during a period of limited opportunities for vacation trips and, as a result, by the attackers' interest in online furniture and DIY stores, and, on the other, by the revenge of dissatisfied buyers.

In the construction sector (its share was 4.5%), the number of DDoS attacks increased by 18.2% compared to the previous quarter.

A small (up to 3.7%) increase in the share of DDoS attacks was observed in financial organizations. It is noteworthy that in Q1 2020 attacks were carried out mainly on banks, whereas a year later they were carried out mainly on crypto services.

In the education sector (its share was 2.6%), the share of attacks decreased by 16.2% compared to Q4 2020. We attribute this dynamic primarily to a decrease in the share of distance learning. Nevertheless, their share is still several times higher compared to Q1 2020.

Statistics and dynamics of DDoS attacks by protocols 

The most frequent attacks were of the packet flood type (at the network and transport layers of the OSI model): the share of such attacks was 83.5%. The second-largest share, 16.5%, came from attacks on sites at the application layer (HTTP/HTTPS).

This is explained, on the one hand, by the fact that a significant part of DDoS attacks targeted online games and telecom: in the first case, the flood at the TCP/UDP level is aimed directly at disabling the service, and in the second, attackers use the flood with a large number of small or large packets to overload the processor on routers or saturate communication channels. On the other hand, packet flooding was often more effective and cheaper than HTTP flooding, even if the target of the attack was a website: at the beginning of the year, new botnets appeared on the Darknet that were quite affordable (from $250 per week) and capable of attacks with a capacity of several hundred gigabits at the packet level.

It is noteworthy that just a year ago, the shares of packet flooding and application-layer attacks were almost equal: among StormWall clients, they accounted for 48% and 52% of cases, respectively. As we can see, the preferences of the organizers of a DDoS attack depend primarily on the combination of price and efficiency, and packet flooding often turned out to be more effective and cheaper, even if the target of the attack was a website or other service.

General trends and recommendations 

The number of DDoS attacks, in general, continues to grow, and we have no reason to expect them to decrease. Of concern is the sharp increase in the number of attacks with a capacity of more than 100 Gbit/s. Attacks with a maximum capacity of about 1 Tbit/s are no longer uncommon. We attribute this dynamic primarily to the reduction in the cost of powerful botnets: their increasing affordability makes them a popular tool for conducting attacks.

According to our forecasts, the power of DDoS attacks will also increase due to the development of 5G networks, which will make DDoS attacks with a capacity of more than 1 Gb/s quite accessible; it will be almost impossible to repel them without specialized means of protection.

In addition, we expect the emergence of new types of DDoS attacks, which will presumably be aimed at the UDP protocol, since applications based on it (primarily online games) are significantly more vulnerable to DDoS attacks than those using the TCP protocol.

Given the serious financial and reputational damage caused by DDoS attacks, organizations should take care of long-term protection against them and purchase a reliable solution that can protect against DDoS attacks of various types, including so-called smart attacks.

This report was brought to you by StormWall, a service that provides anti-DDoS services for your online projects.