Ransomware DDoS attacks increased 29% YoY and 175% QoQ in the last quarter of 2021, according to new research from Cloudfare.

The first half of 2021 has seen massive campaigns of ransomware and DDoS ransomware attacks that have disrupted aspects of critical infrastructure around the world (including one of the largest pipeline system operators in the United States ) and a vulnerability in IT management software that targeted schools, the public sector, travel agencies and credit unions.

The second half of the year saw a growing swarm of one of the most powerful botnets deployed (Meris) and record HTTP DDoS attacks and network layer attacks seen on the Cloudflare network. This is in addition to the Log4j2 vulnerability (CVE-2021-44228) discovered in December which allows an attacker to execute code on a remote server – arguably one of the most severe vulnerabilities on the internet since Heartbleed and Shellshock.

High-profile attacks like the ones listed above are just a few examples that demonstrate a trend of increasing cyber insecurity affecting everyone from tech companies and government organizations to wineries and coffee factories. meat processing.

According to Cloudfare, Q4 21 was the busiest quarter for attackers in 2021. In December 2021 alone, there were more than all attacks seen in Q1 and Q2 21 separately. And one in three respondents said they had been targeted by a ransom DDoS attack or threatened by the attacker.

While the majority of attacks were small, powerful terabit attacks became the new norm in the second half of 2021. Cloudflare automatically mitigated dozens of attacks peaking at over 1 Tbps, with the largest peaking at a just under 2 Tbps – the biggest according to the company. has never seen.

The manufacturing industry was the most attacked in Q4 21, seeing a whopping 641% QoQ increase in the number of attacks. The business services and games/gaming industries were the second and third most targeted industries for application-layer DDoS attacks.

Q4 21, and in particular November, saw a persistent ransomware DDoS campaign against VoIP providers around the world.

For the fourth consecutive time this year, China topped the charts with the highest percentage of attack traffic originating from its networks.

Attacks originating in Moldova quadrupled in Q4 21 QoQ, making it the country with the highest percentage of DDoS activity at the network layer.

A new botnet called the Meris botnet emerged in mid-2021 and continued to bombard organizations around the world, launching some of the largest HTTP attacks on record, including a 17.2 million rps attack that Cloudflare automatically attenuated.

This research is based on DDoS attacks that have been automatically detected and mitigated by Cloudflare’s DDoS protection systems.

To analyze attack trends, Cloudflare calculates the rate of “DDoS activity”, which is the percentage of attack traffic out of the total traffic (attack + cleanup) observed on its global network. Measuring the number of attacks as a percentage of total observed traffic allows Cloudflare to normalize data points and avoid biases reflected in absolute numbers towards, for example, a Cloudflare data center that receives more total traffic and likely also more attacks.