Corero's DDoS report exposes attacker behaviour during pandemic

Significant 82% rise in short duration DDoS ‘Flood’ attacks, a 297% increase in OpenVPN attacks and a 29% higher risk of a repeat attack within a week.

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021.

The report, now in its 7th year, highlights that DDoS threats continue to grow in sophistication, size, and frequency. Yet 2021 also reveals changes in attacker behaviour since the start of the pandemic including an increase of 297% in the use of OpenVPN reflections as a means of DDoS attack.

As report co-author and Corero CTO Ashley Stephenson explains, “OpenVPN as a reflection DDoS vector isn’t just bad news for the victim being attacked, it is also a risk for the organisation whose OpenVPN infrastructure is being used to launch the attack as their own users will become collateral damage, suffering from a degraded or unusable service that impacts business continuity.”

The report also finds 97% of DDoS attacks were under 10Gbps, as low packet rate attacks continued to grow during 2021. It suggests this may be the result of attackers sending packets to a victim at lower rates to avoid easy detection. Stephenson adds, “Combined with the 82% share of short duration DDoS attacks, the intention is that these stealthier transient attacks will appear as legitimate traffic, bypassing simple security measures and succeeding in choking access to important downstream services or connections.” Frequency of repeat attacks also grew with a 29% increase in organisations who experienced a second attack within a week.

The report also provides constructive recommendations regarding DDoS protection. “With the 82% increase in shorter duration DDoS attacks there is a growing requirement to detect-and-block in real time, rather than relying on time-consuming and expensive traffic redirection to cloud solutions,” says Stephenson. “The advantage here is that most of these attacks can be addressed by on-premises solutions, avoiding the disruption, risk and cost of re-routing customer traffic across the Internet to third party scrubbing centres.”

Looking towards 2022, Stephenson believes that the data from the report confirms that DDoS attackers continue to innovate, devising new threats and altering attack strategies. “Our SOC (Security Operations Centre) reports a net increase in the number of unique DDoS attack vectors seen in the wild and in the level of year-over-year DDoS activity,” he says, adding “Significant new DDoS threat alerts resulting from the TP240PhoneHome test feature and Hikvision SADP demonstrate that continuous development of new attack vectors is inevitable. Our data shows that 2021 attacks consisted of multiple new attack vectors layered on top of many known vectors that have been operating for some time – including those highlighted in the FBI “4-pack” alert from July 2020. Clearly DDoS prevention is an impractical strategy; you have to be using a combination of DDoS detection and mitigation to put up an effective defence.”

As the trend towards shorter-duration attacks utilising multiple vectors continues, Stephenson advises that “…as organisations plan their strategy for effective DDoS protection, they need to consider the relationship between time-to-mitigation and potential downtime. The typical time to swing traffic to cloud DDoS protection means the shorter attack is over and the damage may already be done. Corero real-time DDoS solutions are key to providing the necessary fast, accurate and automatic mitigation.”

Stephenson summed up the report’s findings: “Although the report highlights the alarming and continued threat from DDoS attacks, Corero’s unique understanding of the nature of these attacks means we can help our customers to remain a step ahead of the DDoS threat and ensure their businesses can thrive in this dangerous environment.”


