The nature of DDoS attacks is constantly changing. StormWall experts are following new trends in DDoS attack organization and have noticed a number of new trends recently. Analysing StormWall customer data the experts found that from January to September 2021, the average number of DDoS attacks per organization worldwide increased threefold. In addition, the number of TCP attacks has increased. This is due to the fact that botnets, which enable attacks with a capacity of several hundred gigabits, have recently become much cheaper.
In the period from January to September 2021, DDoS attacks on TCP protocols accounted for 45% of the total number of all DDoS attacks. In the same period last year, the share of DDoS attacks on TCP protocols was only 14%. The percentage of UDP attacks was 22% from January to September 2021, while this number was 34% last year. The comparison of statistics shows that the percentage of UDP flood type attacks is decreasing, while TCP flood type attacks are in the phase of rapid growth and are becoming more popular among hackers. This trend can be observed everywhere in the world.
The changes also affected other types of attacks. From January to September this year, DDoS attacks over the HTTP protocol accounted for 30% of the total number of attacks, although last year the share of this type of attack was 51%. Analysis of the statistics shows that hackers’ interest in attacking websites at the application level (HTTP) has waned. This is because packet floods (TCP/UDP) are now often more efficient and cheaper than HTTP floods, even if the target of the attack is a website, since there are many offers on the Internet to acquire access to powerful botnets for organizing attacks (over 200 Gbit/s) that work at the packet level, at a low price (from $100 per day).
According to experts, due to the difficult economic situation in the world, hackers will continue to experiment with different types of DDoS attacks and also try to reduce their costs of organizing them. It is possible that cybercriminals will start experimenting more actively with rarely used types of DDoS attacks that exploit vulnerabilities of certain applications and require less energy to disable the victim: In the future, the proportion of such attacks could increase significantly.