Network-layer DDoS attack trends for Q4 2020

In the final quarter of 2020, there was a significant increase in large-scale DDoS attacks, with an uptick in those over 500 Mbps and 50 K packets per second. Protocol-based attacks also saw a 3-10x increase compared to the previous quarter. Additionally, nearly 9% of all observed attacks lasted more than 24 hours. The number of network layer DDoS attacks decreased in Q4 compared to Q3, with December being the busiest month for attackers. Large DDoS attacks increased, indicating that attackers are becoming bolder and using tools that allow them to launch larger attacks. Attack duration varied, with 73% lasting under an hour and almost 9% lasting over 24 hours. The most popular attack method was SYN floods, followed by ACK, RST, and UDP-based DDoS attacks. NetBIOS and ISAKMP-based DDoS attacks saw a significant increase compared to the previous quarter. Cloudflare's data centers in Mauritius, Romania, and Brunei recorded the highest percentages of attack traffic relative to non-attack traffic. Ransom-based DDoS (RDDoS) attacks continued to plague organizations, with a recommendation not to pay ransoms as it encourages bad actors and finances illegal activities.