In Q1 2021, the number of DDoS attacks dropped by 29% compared to the same period in 2020, but increased by 47% compared to Q4 2020, according to data from Kaspersky DDoS Prevention. However, this growth is explained by an unusual spike in January – that month accounted for 43% of all attacks in the quarter – while the other two months remained quiet.
At the beginning of 2021, many people were still working remotely and spending their leisure time at home. Therefore, cybercriminals conducted DDoS attacks against entities that users need more, for example, telecom providers, so that their clients experienced issues with their internet connection, or online gaming sites. Nevertheless, despite the remaining attention on such resources, statistics show the overall DDoS situation is becoming stable.
Kaspersky experts explain the drop in attacks compared to the same quarter of the last year by the abnormal activity at the beginning of 2020. Because of sudden shift to remote work, corporate VPN gateways and web resources, such as mail or corporate knowledge bases, which were previously available only inside an organisation, became a target for DDoS attacks. Within the year, businesses mostly implemented protection for these parts of IT infrastructure. Given this, attacks against these web assets may have become less effective, and the number of DDoS attacks dropped. So, by February and March 2021 the number of attacks returned back to a pre-lockdown benchmark.
Comparison of number of DDoS attacks by months. Data for 2019 is taken as 100%
January 2021 stands out in terms of the number of DDoS attacks. Statistics from Kaspersky DDoS Intelligence system, that intercepts and analyses commands received by bots from command and control servers, also showed this spike. For instance, on January 10 and 11, the number of registered attacks exceeded 1,800, and for several days in the month it reached more than 1,500.
“In general, the first quarter of 2021 was rather quiet, apart from surge in DDoS activity in January. That surge might be caused by a fall in cryptocurrency prices that made some malefactors repurpose infected devices in botnets to send junk traffic instead of mining currency. So, despite an overall decline in Q1, we recommend protecting web resources from DDoS attacks. Because, as we can see, cybercriminals driven by financial motives can easily change their tactics depending on the circumstances,” - comments Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.
To stay protected against DDoS attacks, Kaspersky experts offer the following recommendations:
Read the full report on Securelist.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.