Malicious web application requests skyrocketing, bad actors stealthier than ever before
Radware released report findings which underscore 2021 as the year of the web application attack. Between 2020 and 2021, the number of malicious web application requests climbed 88%, more than double the year-over-year growth rate in distributed denial-of-service (DDoS) attacks, which were up 37% over 2020.
The unprecedented increase in web application attacks did not, however, prevent DDoS from making a name for itself in 2021. The report details how last year saw multiple record-breaking DDoS attacks and ransom denial-of-service (RDoS) earn its place in the threat landscape. At the same time that big attacks were making headlines, the volume of micro floods, attacks which often go undetected, rose nearly 80% compared to 2020.
“The statistics tell a story about bad actors. They are getting smarter, more organized, and more targeted in pursuing their objectives — whether that be for money, fame, or a political cause,” said Pascal Geenens, director of threat intelligence for Radware.
“In addition, cybercriminals are shifting their attack patterns — from leveraging larger attack vectors to combining multiple vectors in more complex-to-mitigate campaigns. Ransomware operators and their affiliates, which now include DDoS-for-hire actors, are working with a whole new level of professionalism and discipline — something that we have not seen before.”
The report reviews the most important cybersecurity events in 2021 and provides detailed insights into DDoS and web application attack developments as well as unsolicited network scanning trends.
Key takeaways
- Cloud-scale DDoS attacks are in the forecast: As more businesses migrate critical resources and applications to the public cloud, attackers are adapting their tactics and techniques to match the scale of public cloud providers. While enterprises should not be immediately alarmed by reports of huge attacks, they do need to be aware that DDoS attacks are a part of their threat landscape, irrespective of their geography or industry. Companies hosting services in the public cloud need to be prepared for cloud-scale attacks.
- Ransom DoS (RDoS) gangs take charge: In 2020, there was an uptick in DDoS attacks against organizations that did not pay a ransom demand on time. In 2021, RDoS confirmed its pervasive presence in the DDoS threat landscape with several campaigns. This included attacks targeting VoIP providers worldwide, which sparked concern for critical infrastructure.
- Ransomware operators turn to triple extortion: In 2021, more sophisticated and better organized operators advanced their tactics, adding more extortion capabilities to their arsenal. To bring reluctant victims back to the negotiating table, they launched triple extortion campaigns by combining not only cryptolocking and data leaks, but also DDoS attacks. As a result, the flourishing underground economy supported by ransomware operators is seeing a new demand for DDoS-for-hire services.
- Micro floods make a big showing: While the number of large attack vectors (above 10Gbps) declined 5% between 2020 and 2021, micro floods (less than 1Gbps) and application-level attacks rose nearly 80% higher. By shrewdly combining a large number of micro floods over longer periods of time, attackers put organizations at greater risk of having to constantly increase infrastructure resources, such as bandwidth, and network and server processing, until the service can become cost prohibitive.
DDoS attacks
In 2021, the number of malicious DDoS events increased by 37% per customer compared to 2020. Europe, the Middle East, and Africa (EMEA) and the Americas each accounted for 40% of the attack volume in 2021, while the Asia Pacific region accounted for 20%.
Average 2021 DDoS attack volumes per customer grew by 26% in 2021 compared to 2020.
The top attacked industries in 2021 were gaming and retail, each accounting for 22% of the attack volume on a normalized basis. These two industries were followed by the government (13%), healthcare (12%), technology (9%), and finance (6%).
Web application attacks
The number of malicious web application requests grew 88% from 2020 to 2021. Broken access control and injection attacks represented more than 75% of web application attacks.
The most attacked industries in 2021 were banking and finance, along with SaaS providers, together accounting for more than 28% of web application attacks. Retail and high-tech industries ranked third and fourth, each with almost 12% of the web security events, followed by manufacturing (9%), government (6%), carriers (6%), and transportation (5%).