Data from one cybersecurity firm is showing that HTTP flood attacks are waning, while TCP/UDP packet floods are ever-rising tides.

The nature of DDoS attacks is constantly changing, and some new trends are developing, according to researchers from StormWall.

Analyzing their own customer data, the experts found that from January to September 2021, the average number of DDoS attacks per organization around the world had trebled.

In addition, the number of TCP attacks had also increased, presumably due to botnets, which enable attacks with a capacity of several hundred gigabits, had recently become much cheaper to deploy.

Some of the findings include:

  • From Jan–Sep 2021, DDoS attacks on TCP protocols accounted for 45% of the total number of all DDoS attacks in the firm’s client base. In the same period last year, the share of DDoS attacks on TCP protocols was 14%.
  • In the same period, the percentage of UDP attacks was 22%, while this number was 34% last year. This indicates that the percentage of UDP flood-type attacks in the ecosystem is decreasing, while TCP flood-type attacks are in the phase of rapid growth and are becoming more common in the Stormwall user ecosystem.
  • In the same period this year, DDoS attacks over the HTTP protocol accounted for 30% of the total number of attacks, although last year the share of this type of attack was 51%. Data shows that hackers’ have lost interest in attacking websites at the HTTP level because packet floods (TCP/UDP) are now often more efficient and cheaper than HTTP floods due to easy access to powerful botnets for organizing attacks (over 200Gb/s) that work at the packet level for just US$100 per day.

According to the firm, hackers will continue to experiment with different types of DDoS attacks and also try to reduce their costs. It is possible that they may experimenting with rarely-used types of DDoS attacks that exploit vulnerabilities of certain applications and require less energy to disable the victim.