DDoS attacks in 2020 more powerful, more complex and longer

Compared to previous years, DDoS attacks have become more powerful and complex. At the same time we see the duration of DDoS attacks increasing. This is shown in the 2020 DDoS data report from the National Internet Providers Management Foundation (NBIP), which operates the National Anti-DDoS Wash (NaWas).The NBIP publishes quarterly reports and an annual report on the DDoS attacks observed in the NaWas.

In 2020, we saw a number of notable developments. DDoS attacks became more complex, more powerful, and most importantly, lasted a lot longer compared to the attacks in 2019. The maximum power of a DDoS attack was 200 Gbps, compared to 124 Gbps and 68 Gbps in the two previous years. In addition, the NaWas recorded the longest DDoS attack ever. This one lasted a whopping 20 days and 6 hours. In 2019 (1 day and 12 hours) and 2018 (1 day and 4 hours) the longest DDoS attacks lasted much shorter.

The most common attacks were DNS Amplification and LDAP Amplification. They were particularly powerful and largely targeted Internet service providers and large enterprises. In the last three months of 2020, we saw an increase in more technically complex attacks: so-called carpet bombing. In August, powerful attacks on the infrastructures of Internet service providers began and continued. These were extremely powerful attacks up to 167 Gbit per second and lasted longer than 4 hours.

1610 attacks by 2020

The increasing duration, complexity and scale of DDoS attacks is part of a trend that has been ongoing for several years. “In 2018 and 2019, we recorded 938 and 919 attacks, respectively. In 2020, there were a staggering 1610. That represents a significant increase in the number of attacks in one year,” said Octavia de Weerdt, managing director of NBIP. “This trend continues this year as well. In the first quarter of 2021, we have already observed more attacks than in the whole of 2020, with the most powerful attack reaching 300 Gbps.”

Despite the increase in the number, duration and complexity of DDoS attacks, the Netherlands is not doing that badly compared to other countries. “With our advanced anti-DDoS platform NaWas, which we have set up together with participating internet service providers and a number of other large organizations, we are very well able to adequately mitigate even very powerful and complex DDoS attacks. This has already prevented a lot of economic damage because companies and home workers have been able to continue working without interruption,” explains De Weerdt.

Collective mitigation via NaWas

The NaWas was started in 2014 as a collective fight against DDoS attacks. Many hosters and other online service providers use the collective scrubbing center. In its existence, the scrubbing center has successfully mitigated thousands of DDoS attacks. In this process, the dirty traffic of the attacker(s) is separated from the ‘clean’, legitimate traffic. This clean traffic is routed back to the participant via a separate connection through an Internet exchange. In this way, the systems of participants in the NaWas remain available for users.

Download report
Download infographic

Would you like more information or subscribe to our newsletter?