Link11 DDoS Report at Mid-year Reveals 33% More Attacks

In addition to an increase in attack numbers by a third compared to the same period last year, the number of high-volume attacks also went also up.

September 2, 2021

4 Min Read


31st August 2021- Link11, Europe’s leading IT security provider in cyber resilience, has published its annual Link11 DDoS Report for the first half of the year. The report shows that DDoS criminals were once again very active between January and June 2021, launching a record-breaking number of attacks.

The Link11 Security Operations Center (LSOC) recorded a third (33%) more attacks than in the same period last year in the DDoS record year of 2020. Attacks were already at a high level in 2020, and once again increased significantly in 2021, continuing unabated. Within the half-year, the number and power of DDoS attacks have once again increased noticeably. For example, LSOC registered 19% more attacks in Q2 than in the previous quarter. But this quarter was already characterized by a large number of attacks on vaccination centers and e-schooling platforms, among others.

High attack volumes combined with longer durations

The report also shows that numerous attacks exceeded 100 Gbps in attack volume. Their number increased compared to the first half of 2020: from 30 to 40 attacks. In addition, there were hundreds of attacks with bandwidth peaks between 20 and 100 Gbps. Whether employing hijacked cloud accounts or botnets, these attack bandwidths are becoming the norm. Many of these high-volume attacks dragged on for hours. Usually high-bandwidth attacks end after a few minutes to conserve the attackers’ resources. In the first half of the year, the largest attack stopped at 555 Gbps and exceeded the maximum attack bandwidth of the same period last year by almost 38%.

The most important source countries for attacks were the USA and Germany

The devices and servers that attackers abused for DDoS attacks were distributed globally. In the 1st half of the year, most malicious DDoS traffic came from the USA. The second most frequent attacks could be traced to Germany. DDoS traffic from Russia and China, which accounted for most traffic in previous years, decreased significantly.

Ransom DDoS extortions on the rise

Of note is the rising incidence of DDoS extortions. Since the beginning of 2021, several of these waves (RDDoS - Ransom Distributed Denial of Service) have targeted financial, e-commerce, media and logistics, industrial, consumer goods, telecommunications, and hosting provider/ISP companies. The peaks of ransomware activity were in January and June, which required a large number of emergency integrations of DDoS protection solutions. The perpetrators recently posed as the “Fancy Lazarus Group.” The actions of the perpetrator(s) were largely identical to the criminal activities of DDoS extortionists operating under the names Armada Collective, Fancy Bear, and Lazarus Group since the summer of 2020.

There’s no end in sight to the current wave of Ransom DDoS attacks, LSOC warns. Rather, companies must prepare for cyber-extortion with DDoS attacks to become a permanent part of the threat landscape and increasingly combined with other attack techniques - particularly ransomware.

Marc Wilczek, managing director of Link11, said, “In the first half of the year, we registered an incredibly high number of DDoS attacks and extortions. For inadequately protected companies, this often posed a major challenge, as we noticed from the high number of emergency deployments. Even tools and systems already in place were regularly pushed to their limits, and some companies didn’t realize this until the emergency hit. However once the acute threat has been overcome, such an incident offers those responsible for security the opportunity to rethink their own strategies and close the gaps in their own IT security systems. After all, prevention is better than emergency management.”

The entire report is available for download on the Link11 website:

About Link11

Link11 is the leading European IT security provider in the field of cyber-resilience headquartered in Germany, with sites worldwide in Europe, North America, Asia and the Middle East. The cloud-based security services are fully automated, react in real-time and defend against all attacks, including unknown and new patterns, in under 10 seconds. According to unanimous analyst opinion (Gartner, Forrester) Link11 offers the fastest detection and mitigation (TTM) available on the market. The German Federal Office for Information Security (BSI) recognizes Link11 as a qualified DDoS protection provider for critical infrastructures.

To ensure cyber-resilience, web and infrastructure DDoS protection, Bot Management, Zero Touch WAF and Secure CDN Services among others provide holistic and cross-platform hardening of business' networks and critical applications. The 24/7 operated Link11 Security Operation Center, which is located at sites in Germany and Canada according to the follow-the-sun principle, provides the reliable operation of all systems and manages the expansion of the global MPLS network with 43 PoPs and more than 4 Tbps capacity. Guaranteed protection bandwidths of up to 1Tbps provide maximum reliability. International customers can thus concentrate on their business and digital growth. Since the company was founded in 2005, Link11 has received multiple awards for its innovative solutions and business growth.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights