DDoS Attack Trends for H2 2021

With the continued high risk of DDoS attacks, the most important step a company can take in ensuring its availability and performance is to be prepared for attacks before they begin.

Rachel Kempf - Editor-in-Chief
DDoS Attack Trends for H2 2021


With many people returning to in-person work and activities in the past months, it may be tempting to assume that DDoS attacks, which increased significantly during the pandemic, would begin to wane. So far, this has not been the case for Q2 2021, as attacks have actually increased since the height of the pandemic. Larger and more widespread than ever, DDoS attacks continue to make news headlines and wreak havoc on digital businesses across many different industries and geographical locations. This seemingly permanent change to the threat landscape has sent a clear message to business owners and IT decision makers: no one is safe from DDoS attacks.

As DDoS mitigation solutions become an increasingly crucial component of any business’s cybersecurity, it’s important to understand the risks of DDoS attacks and stay aware of new attack trends. This article will discuss what’s driving the persistent threat of DDoS attacks, discuss the latest attack trends, and explain how to guard against them in 2021.

What is a DDoS Attack?

DDoS, or distributed denial of service attacks, are attacks that infect large numbers of machines with malware and weaponize them against a network, site, or application by flooding the target with malicious traffic designed to knock it offline.

DDoS attacks have grown this year in size, frequency, and complexity, making it more crucial than ever that businesses of every kind prepare for the possibility of DDoS attacks. For companies that are unable to fend off attacks in a timely manner, the effects can be devastating, including:

  • outages and poor performance;
  • lost revenue or productivity due to service interruption;
  • reputation damage and decreased stock prices;
  • ransom payment demands;
  • compensation for affected clients; and
  • further attacks, such as site hijacking or data theft.

Factors Affecting Q2 2021 DDoS Attacks

Large-scale DDoS attacks have continued to make news headlines throughout Q2, putting DDoS and other cybercrimes at the top of many countries’ national security agendas. But as public awareness of DDoS grows, so does awareness among petty criminals and prospective attackers. DDoS-for-hire attacks sell for as low as $10 an hour, so launching an attack requires no technical prowess and very little money. And with the sustained high prices of Bitcoin, which are often used in DDoS ransom payments, it’s likely that DDoS ransom attacks will continue to proliferate as victims give in to hackers’ demands.

Another factor contributing to the continued high risk of DDoS is that many of the protocols put into place during the pandemic have been maintained, even in places where restrictions have eased. Flexible, online services and remote work policies have proven very popular, causing many organizations to permanently embrace them. For example, a July 2021 McKinsey report on telehealth stated that utilization has stabilized at levels 38 times higher than before the pandemic. As a result, high levels of attacks on the healthcare industry are likely to continue.

In addition, 5G rollout has continued to accelerate, adding more and more IoT devices that, when compromised, could be deployed in DDoS attacks. Although commercial 5G deployments are a relatively new development, Ericsson predicts that the number of 5G subscribers will reach 580 million by the end of 2021. IoT devices are a particularly attractive target for attackers to infect with malware and use in attacks, as they often have weak security protocols, like relying on factory-set passwords.

Factors affecting Q2 2021 DDoS attack trends include:

  • increased public awareness and low barrier to entry
  • permanent adoption of remote work for many organizations
  • increased popularity of telehealth and online services
  • sustained high prices for cryptocurrency
  • mass-market adoption of 5G

New Targets

The threat of DDoS continues to spread to new industries and new geographic regions, sending a clear message to businesses: no one is safe from attack. Telecommunications and healthcare continue to be frequently targeted industries, and attacks on government and infrastructure are growing as well. In May, a high-profile attack on Belgium’s government-funded ISP provider disrupted Belgium’s parliament, police services, universities, public transit, and other services.

Financial institutions around the world were targeted by a wave of DDoS attacks in June, often as part of ransom-related extortion attempts, which continue to grow. This, coupled with a rise in high-volume attacks, makes large companies juicy targets for criminals looking to profit off of DDoS with large payouts from their victims.

Attacks on these and other industries that have experienced more frequent attacks in 2021 have resulted in increased risk for a wide range of businesses, including:

  • Finance
  • Government and infrastructure
  • Healthcare
  • Telecommunications
  • E-commerce
  • Online gaming
  • Small businesses
  • Big businesses

Increase in Size and Frequency

Last year, DDoS attacks rose to new heights during the pandemic, reaching the 10 million mark by the end of the year. This year’s trends show that attacks are poised to be even more frequent, with 3.5 million attacks in Q1 2021 alone, according to a June article in GovCybersecurityHub. As the article notes, this is especially concerning, considering that January and February are typically the slowest months of the year for cybersecurity.

In addition to more frequent attacks, DDoS attacks are rising in volume, with average attack size growing 10% in size from last quarter and attacks growing 40% in volume overall from Q1, according to Radware. Their Q2 report also indicated a trend toward burst attacks, which repeatedly attack targets with short bursts of high-volume traffic at frequent, regular intervals–sometime for a span of several days.

Ransom-Based DDoS Attacks and DDoS Ransomware

This year’s trend toward ransom-based DDoS attacks continued into Q2, but attackers’ strategies have shifted somewhat. Whereas ransom-based DDoS attacks earlier this year usually involved an attempt to extort money by threatening to attack or offering to stop an ongoing attack in exchange for cryptocurrency payments, we are now seeing a shift toward using DDoS as one component in larger cybersecurity events.

In this newer type of attack, DDoS is used as either a smokescreen, occupying cybersecurity teams while attackers gain access to other parts of the target’s systems, or as a tool for bringing companies back to the bargaining table when they refuse to make ransomware payments. The ransomware-as-a-service group Darkside, who was responsible for the Colonial Pipeline attack in the US in May this year, has advertised DDoS as an added capability that can be used in their ransom negotiations. Darkside’s attack on the Colonial Pipeline, which caused gas shortages across the U.S., ultimately resulted in a $4.4 million ransom payment.

This quarter’s DDoS trends toward ransom-based attacks demonstrate the importance of proactive planning for all organizations. Without it, the overwhelming need to resume business continuity may cause victims of DDoS extortion and DDoS ransomware to make huge payouts to cybercriminals, providing further incentive for future attackers hoping to make money off of DDoS attacks. An article last month in CISO Magazine reported that paying ransom is the primary solution over 60% of organizations would rely on in the event of a ransom-based cyberattack. By developing a proactive DDoS strategy, companies can avoid this kind of catastrophe and prevent the further spread of ransom-based attacks.

According to Forrester’s 2020 report on DDoS mitigation solutions, effective preparation strategies for mitigating attacks include:

  • Gathering and leveraging threat intelligence;
  • Assessing and limiting an application’s attack surface;
  • Creating built-in redundancies;
  • Developing a runbook with incident response processes and escalation paths; and
  • Finding a DDoS mitigation provider that fits your company’s needs. [1]

In addition, the trend toward using DDoS as one component in a larger security incident demonstrates the need for a full-stack solution with integrated security, enabling full visibility over the entire attack surface. Finally, as high volume and burst attacks become more common, it’s important to choose a mitigation partner with enough capacity to properly protect your company against large attacks.

DDoS Protection with Azion

Edge Firewall is Azion’s full-stack security solution, which includes DDoS Protection, WAF, and Network Layer Protection. When using Azion’s platform, organizations automatically benefit from our DDoS Protection at no additional cost. Thus, you get always-on mitigation that continuously monitors network flow to detect and block malicious traffic in real-time, with no impact on your applications.

Our comprehensive DDoS mitigation plan includes:

  • Protection for different business needs and high network capacity for increasingly large attacks
  • Low time to mitigate, with an average response time of less than one second
  • Always-on mitigation with no need to configure or parameterize services
  • Protection of content, web applications, and APIs
  • Advanced routing and sophisticated algorithms to automatically mitigate complex attacks
  • Deep visibility into attacks via Data Stream, which can be integrated with third-party analytic tools

With the continued high risk of DDoS attacks, the most important step a company can take in ensuring its availability and performance is to be prepared for attacks before they begin. Using Azion’s DDoS Protection can ensure your company is safe from this ongoing threat.


[1] Holmes, D., Blankenship, J., Bouffard, A., & Lynch, D. (2020). Now Tech: DDoS Mitigation Solutions, Q2 2020 (pp. 11-12, Rep.). Cambridge, MA: Forrester.

stay up to date

Subscribe to our Newsletter

Get the latest product updates, event highlights, and tech industry insights delivered to your inbox.