NBIP logo

DDoS attacks in 2020 more powerful, more complex and longer

NaWas
Compared to previous years, DDoS attacks have become more powerful and complex. Simultaneously, we are seeing an increase in the duration of DDoS attacks. This is evident from the 2020 DDoS data report by NBIP, which manages the National Anti-DDoS Scrubbing Center (NaWas). NBIP publishes quarterly reports and an annual report on DDoS attacks observed in the NaWas. The new annual report is available for download as of today. In 2020, we observed several notable developments. DDoS attacks became more complex, powerful, and lasted significantly longer compared to attacks in 2019. The maximum power of a DDoS attack was 200 Gbps, compared to 124 Gbps and 68 Gbps in the two previous years. Additionally, NaWas recorded the longest DDoS attack ever, lasting 20 days and 6 hours. In 2019 (1 day and 12 hours) and 2018 (1 day and 4 hours), the longest DDoS attacks were much shorter. The most common attacks were DNS Amplification and LDAP Amplification. They were particularly powerful and largely targeted at internet service providers and large enterprises. In the last three months of 2020, we saw an increase in the number of technically more complex attacks: the so-called carpet bombing. In August, powerful attacks on the infrastructures of internet service providers began and continued. These were exceptionally powerful attacks with a capacity of up to 167 Gbps and lasted longer than 4 hours.

1610 attacks in 2020

The increasing duration, complexity, and scale of DDoS attacks fit into a trend that has been ongoing for several years. “In 2018 and 2019, we recorded 938 and 919 attacks respectively. In 2020, that number rose to a staggering 1,610. This represents a significant increase in the number of attacks in just one year,” says Octavia de Weerdt, General Director of NBIP. “This trend continues this year as well. In the first quarter of 2021, we have already observed more attacks than in half of 2020, with the most powerful attack having a magnitude of 300 Gbps.” Despite the increase in the number, duration, and complexity of DDoS attacks, we’re not doing so badly in the Netherlands compared to other countries. “With our advanced anti-DDoS platform NaWas, which we have set up together with participating internet service providers and several other large organizations, we are very well equipped to adequately repel even very powerful and complex DDoS attacks. This has allowed us to prevent a lot of economic damage by enabling companies and remote workers to continue working undisturbed,” explains De Weerdt.

Collective defense via NaWas

NaWas was launched in 2014 as a collective defense against DDoS attacks. Many hosting providers and other online service providers use the collective scrubbing center. Throughout its existence, the scrubbing center has successfully mitigated thousands of DDoS attacks. In this process, the polluted traffic from the attacker(s) is separated from the ‘clean’, legitimate traffic. This clean traffic is then routed back to the participant via a separate connection through an internet exchange. This way, the systems of NaWas participants remain available to users.” This translation maintains the structure and content of the original Dutch text, providing a comprehensive overview of the DDoS attack trends in 2020 and early 2021, as well as information about the NaWas anti-DDoS system in the Netherlands.
Download het rapport
Download infographic

News

DDoS attacks in Q3 2025
NaWas, News
NBIP publishes latest edition of the Annual Monitor
Reports
Connect2Trust, NBIP, and SIDN Fund are jointly increasing the Netherlands’ digital resilience
News
DDoS attacks in Q2 2025
NaWas, News

Wil je meer informatie of je abonneren op onze nieuwsbrief?

NBIP logo
NBIP NEXT
Platform- and supplier-independent Cloud with Haven

Thursday, 27 November – 1:50 p.m. – 2:30 p.m.

Haven is an open solution for platform- and supplier-independent Cloud services. Haven is a building block of the pGDI and the NDS. Haven offers agnostic configuration of Cloud technology and provides organisations with a feasible exit plan. Expect an inspiring story about the practice of ecosystem-driven collaboration, in which we use the power of digitisation for the benefit of society.

Highlights:

  • Haven+
  • Ecosystem-driven collaboration
  • Platform- and supplier-independent cloud services
  • Data sovereignty

About Jacco Brouwer

Jacco Brouwer works for the Association of Netherlands Municipalities as Cloud Policy Coordinator and represents municipal interests in the NDS implementation programme on Cloud. From the Innovation Knowledge Centre at VNG, Jacco is the initiator of the public Incubator GROEI, through which VNG guides municipal collaboration and innovations based on a start-up philosophy in scaling up to broad and collective use among municipalities and fellow authorities.

Jacqueline van de Werken is bijna 10 jaar actief als global general counsel bij Leaseweb, na een loopbaan in de advocatuur en actief te zijn geweest in legal & regulatory affairs bij buitenlandse telecom/ datacom aanbieders.

Sinds enige tijd is Jacqueline ook board member & secretaris van brancheorganisatie Dutch Cloud Community. Als president/chair bij Cloud Infrastructure Service Providers Europe richt ze zich ook op het behartigen van regulatory belangen van de IAAS cloud sector.

Woensdag 26 november 

Van vrijwillig naar verplicht: de nieuwe werkelijkheid van regelgeving voor providers

Interactieve sessie

11:15 – 12:00 uur

Ir. Bas Dunnebier EngD

Bas Dunnebier is Chief Science and Technology Officer (CSTO) bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD). De CSTO speelt in op de kansen en uitdagingen die technologische en wetenschappelijke innovatie met zich meebrengen, onder meer voor de offensieve en defensieve taken van de dienst.

Eerder vervulde Dunnebier verschillende andere functies binnen de AIVD, waaronder die van hoofd Unit Weerbaarheid. Hij heeft daardoor een brede expertise ontwikkeld op het gebied van (cyber)weerbaarheid, inlichtingen, en technologieën zoals AI, quantum en cryptologie. Hij studeerde Toegepaste Wiskunde aan de Universiteit Twente, en Informatie- en Communicatietechnologie aan de Technische Universiteit Eindhoven. Voordat Dunnebier bij de AIVD kwam werken, werkte hij onder meer bij Thales, TNO en Technolution.

Het huidige dreigingsbeeld volgens de AIVD: wat nu te doen?

Woensdag 26 november 
14:00 – 14:35
Parkzaal: Wet- en Weerbaarheid

During his presentation, Dr. Alberto P. Martí will provide an update on the European IPCEI Cloud Infrastructure and Services (CIS) project.

Thursday, 27 November

3:00 p.m. – 3:45 p.m.

Parkzaal: Towards digital autonomy

During NBIP NEXT, René will share more about the implementation of the eEvidence legislation that will come into force for internet service providers on 18 August 2026.

Wednesday 26 November

3:00 p.m. – 3:35 p.m.

Parkzaal: Track Law & Resilience

During NBIP NEXT, Johan will give a presentation as part of the DDoS Mitigation track on how to use a WAF to mitigate layer 7 attacks.

Wednesday, 26 November
1:15 p.m. – 1:50 p.m.
Fonteinzaal: Collaborative DDoS mitigation track (ENGLISH)

Dr. Cristina Caffarra is one of the driving forces behind EuroStack. This movement, which has the ear of politicians and policymakers in Europe, is campaigning for more investment in European technology, based on the belief that this is the only path to digital autonomy.

Caffarra is a competition expert and knows the world of big tech companies from the inside. She has made important contributions to competition investigations into mergers and antitrust cases for the European Commission. Caffarra does not mince her words and tells it like it is: we must work together to give shape to European digital autonomy as quickly as possible. At NBIP NEXT, she will share her vision during an inspiring keynote speech, followed by an opportunity for discussion.

Thursday 27 November
1:15 p.m. – 1:50 p.m.
Parkzaal: Towards digital autonomy