The Fight Against the Hydra: New DDoS Report from Link11

Complexity and number of attacks increased again.

March 11, 2022


  • DDoS Report from Link11, year-on-year comparison 2020/21: DDoS attacks in the international Link11 network increased by 41 percent.

  • Highest attack reached around 4.5 Tbps.

  • Average attack bandwidth peak nearly tripled - from 161 Gbps to 437 Gbps.

  • Marc Wilczek (Managing Director, Link11):

Frankfurt am Main, March 9, 2022. Over the last few years, a constant increase in distributed denial of service (DDoS) attacks has been recorded, driven primarily by waves of extortion campaigns. Geopolitical tensions are now being added to the already high level of previous years. Against the backdrop of the events in the Ukraine conflict, cyberattacks can be expected to keep increasing as a means of asymmetric warfare. The main focus here is on DDoS attacks, which cause complex IT infrastructures to fail, for example at public authorities or financial institutions, with the aim of sabotaging and unsettling them. The number of DDoS attacks measured in the Link11 network already increased noticeably in the past year. As Europe's leading IT security provider for cyber resilience, Link11 is today publishing new data on this in its in-house DDoS Report 2021.

According to the report, the number of DDoS attacks increased by 41 percent between 2020 and 2021. Compared to an already high level driven by cybercriminals looking to capitalize on the digitalization wave at the start of the pandemic, the volume of attacks has increased further.

Attack bandwidths have also followed the same trend and have consistently increased. The highest bandwidth measured on the Link11 network was over 1 Tbps, adding up to over 4.5 Tbps of volume in just under two hours. Numerous other high-volume attacks occurred, especially in the second half of 2021. According to the report, the average attack bandwidth peak in 2021 was 437 Gbps, up from 161 Gbps in 2020. In contrast, the average total bandwidth fell from 1.5 to 1.4 Gbps due to the increase in so-called "carpet bombing". Among other things, the new and massive botnet Meris was responsible for the increase in high-volume attacks. It can cause lasting disruption to even very robust networks by sending a large number of requests per second (RPS).

In addition, 71 percent of all attacks were identified as multi-vector. This means that the perpetrators used multiple access paths and methods - which is increasingly becoming the norm today. The challenge: The more vulnerabilities and protocols attackers use, the more difficult it is to detect and defend against attacks, thus increasing the likelihood of success for attackers. The bottom line is that these are different, synchronously running attacks that also have to be identified individually. In 2020, the proportion of multi-vector attacks was still 59 percent. Commenting on this trend, Jag Bains, Vice President Solution Engineering at Link11, says:

"Fighting multi-vector attacks is like fighting the Hydra: Defuse one vector and it's replaced by two new ones."

Furthermore, Link11 notes an increase in "carpet bombing," or the concerted flooding of systems with single pinpricks. In these technically complex attacks, unlike high-volume attacks, the traffic per IP address is so low that many protection solutions fail to detect it as an anomaly. The attacks slip under the radar and are difficult to mitigate.
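The detection gap described above, shown as an added example that is not part of the Link11 report: a per-destination-IP threshold misses traffic spread thinly across a subnet, while the same samples aggregated per prefix stand out. The thresholds, the /24 aggregation size, the RFC 5737 documentation addresses and all traffic figures are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed alert thresholds, for illustration only.
PER_IP_LIMIT_BPS = 500_000_000        # 500 Mbps towards a single host
PER_PREFIX_LIMIT_BPS = 5_000_000_000  # 5 Gbps towards a whole /24

def build_samples():
    """Constructed one-interval samples: (destination IP, inbound bits/s)."""
    samples = []
    # Carpet-bombing pattern: every host in the /24 receives only 40 Mbps.
    for host in range(1, 255):
        samples.append((f"203.0.113.{host}", 40_000_000))
    # Classic volumetric pattern: one host receives 2 Gbps.
    samples.append(("198.51.100.10", 2_000_000_000))
    # Ordinary background traffic.
    for host in range(1, 21):
        samples.append((f"192.0.2.{host}", 5_000_000))
    return samples

def per_ip_alerts(samples, limit=PER_IP_LIMIT_BPS):
    """Destinations whose individual inbound rate exceeds the limit."""
    totals = defaultdict(int)
    for ip, bps in samples:
        totals[ip] += bps
    return sorted(ip for ip, total in totals.items() if total > limit)

def per_prefix_alerts(samples, prefix_len=24, limit=PER_PREFIX_LIMIT_BPS):
    """Prefixes whose summed inbound rate exceeds the limit.

    Returns {prefix: (total_bps, distinct_destinations)}; a high total
    spread over many destinations is the carpet-bombing signature.
    """
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for ip, bps in samples:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        totals[net] += bps
        hosts[net].add(ip)
    return {str(net): (totals[net], len(hosts[net]))
            for net in totals if totals[net] > limit}

if __name__ == "__main__":
    data = build_samples()
    print("per-IP alerts:    ", per_ip_alerts(data))
    print("per-prefix alerts:", per_prefix_alerts(data))
```

In production the fixed limits would be replaced by per-prefix baselines learned from normal traffic, since legitimate load differs widely between subnets.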

In addition, ransom DDoS once again strengthened as a trend: more and more cybercriminals are demanding ransom in DDoS attacks. This trend could be reinforced by the fact that DDoS attacks were often used last year as a smokescreen, e.g., in connection with a ransomware attack. In the slipstream of a massive DDoS attack, hackers can thus penetrate unnoticed through the digital backdoor of network security and, for example, place malware before forcing the web servers to reboot.

The full report is available for download on Link11’s website.


About Link11

Link11 is the leading European IT security provider in the field of protecting web services and infrastructures against cyber-attacks. Headquartered in Germany, Link11 maintains global locations, including Europe, North America, and Asia. The company’s cloud-based IT security services help customers avoid business disruptions and strengthen the cyber-resilience of their business networks and critical applications. Link11's product portfolio includes a wide range of security services, such as web and infrastructure DDoS protection, Bot Management, Zero-Touch WAF, and Secure CDN Services. According to unanimous analyst opinion (Frost & Sullivan, Gartner, Forrester), Link11 offers unique high-performance mitigation across all layers and for all attack vectors, including unknown ones, within seconds. The technological basis for this is Link11's patented DDoS protection, which relies on machine learning and consistent automation. The company's own global multi-terabit network, which currently has 43 PoPs (Points of Presence) and interconnects the DDoS filter clusters, is monitored 24/7 by the Link11 Security Operations Center.

The German Federal Office for Information Security (BSI) recognizes Link11 as a qualified DDoS protection provider for critical infrastructures. With ISO 27001 certification, the company also offers high-level data security processes. Since its launch in 2005, Link11 has received multiple awards for its innovative solutions and business growth.
