Read on to view the full report
In the past year, we’ve witnessed a major shift by organizations in their IT infrastructure in order to cope with the COVID-19 pandemic. More and more enterprises have “gone digital”, with new practices such as remote work and distance education becoming the norm. Although this undoubtedly brings added value to businesses, this rapid adoption, if poorly planned, can inadvertently expose services to more cyber-attacks.
To help you better understand the current trends and statistics of cyber-attacks, we have summarized our latest findings on DDoS attacks in 2020–2021 through the following infographic. In particular, we will highlight the following points:
1. The proportion of volumetric attacks at 50Gbps and above has doubled, and continue to rise
Compared with 2019, volumetric attacks aimed to overwhelm the network bandwidth are shown a significant increase in events at 5Gbps and above, and the proportion of events more than 100Gbps has doubled for two consecutive years.
2. The resources exhaustion attack reached a peak value of 3 million QPS
The resources exhaustion attacks targeting the application layer (Layer 7) increased significantly in 2020. Attacks with peak value exceeding 3 million QPS occurred frequently in the Q4 (Oct-Dec). Previously, the peak value of resources exhaustion attacks were generally below 2 million QPS, million-level QPS attacks were already rare.
3. More DDoS occured during 2020 Spring Fesvitval, and also during the pandemic
Compared to the same period in 2019, the number of DDoS attacks increased by 26% from H1 2020. In March, April and May, the attack level was relatively high, with a year-over-year increase of 43% in March. This trend dropped during the 2021 Spring Festival.
4. 76% of DDoS attacks were conducted with mixed attacks
In 2020, only 24.02% of attacks used single type methodology. Among the attacks carried out with multiple methodologies, an average of 1.66 attack methodologies were used per event.
5. The largest attack group equipped with Tbps-level attack resources
Alibaba Cloud Security Team tracked and analyzed 1,023 botnet C&Cs, and identified more than 2,000 attack groups through reflection attacks. Approximately 40% of attack groups owe attack resources fewer than 5,000 IPs.
6. Attacks carried out through major cloud platforms account for less than 1%
Attacks carried out from major cloud platform account for only 0.73% of total attack events, which is the least source by number of attack events; and the attack originated from major cloud platform is only 0.17%. Attacks from proxy servers have become the main attack force in 2020, they are easy to obtain, cost-effective, and well performed.
7. Review of typical events
In November 2020, Alibaba Cloud Security Team successfully defended the largest resources exhaustion DDoS attack detected on the platform, with a peak of 5.369 million QPS. The attack’s mainly targets API payment interfaces of e-commerce and the gaming industry. It first appeared in October and surged during Double 11.
The team at Alibaba Cloud Security hope that through this report, enterprises and IT practitioners can be more well-prepared against attacks by adopting cloud-based security solutions to safeguard their data and infrastructure. Alibaba Cloud will also continuously optimize products and services for cloud users, with more efficient, scalable, and flexible capabilities.
To learn more about our services can protect you from DDoS attacks, please visit https://www.alibabacloud.com/product/ddos
Click here to learn about the full DDoS Attack Statistics and Trend Report by Alibaba Cloud.