An Overview of DDoS Attacks in Q2 of 2021


This post is also available in: French German Italian Portuguese (Brazil) Spanish Russian

Unsurprisingly gaming and telecommunication industries experienced the largest attack volumes in Q2. We saw a rise in burst attacks and were introduced to new threat actors and hacktivist groups rising from the shadows.­ The bottom line is cybercriminals are becoming more brazen in their attacks and ransoms. No industry is immune to a cyberattack but what is certain is if your applications and networks are ­unprotected, they will work relentlessly to disrupt access and intentionally cause significant damage to your organization’s reputation.

Methods Attackers Used to Disrupt Access to your Networks and Applications

The objective of volumetric attacks is to saturate the internet links; on average, 90% of the attack volume targeted HTTP or HTTPS (see Figure Below)! Even if an organization does not expose HTTP(S) services, volumetric assaults can overrun internet pipes and network equipment.

Top Applications by Volume

UDP is still the most leveraged protocol when it comes to volume for DDoS attacks, which is not surprising considering UDP traffic can be easily spoofed and most of the amplification attack vectors are UDP-based.

DDoS Attacks Used By Attackers

Bursts attacks, also known as hit-and-run DDoS, use repeated short bursts of high-volume attacks at regular intervals. Each short burst can last only a few minutes, while a burst attack campaign can span hours or even days. Throughout Q2 of 2021, Radware observed several burst attacks in attack size and frequency aimed at customers in the finance and tech industries.

RDoS Campaigns

Gaining popularity in the news are ransom denial of service (RDoS) attacks. In short, this is when an organization receives a notice with demands to pay a ransom or else become the target of a ferocious DDoS attack rendering their network and service availability useless and nonexistent. For example, a threat actor posing as ‘Fancy Lazarus’ demanded a payout between 0.5 and 5 bitcoins to prevent a DDoS attack against a victim’s network assets. In early May, several internet service providers (ISPs) in Scandinavia, Western Europe, and Ireland reported receiving ransom letters followed by DDoS attacks. By the end of May, Radware had numerous emergency onboardings of its cloud security services from organizations that had received these ransom letters.

[Like this post? Subscribe now to get the latest Radware content in your inbox weekly plus exclusive access to Radware’s Premium Content.]


Where there is political unrest, chances are you find a hacktivist operation. DragonForce Malaysia (a pro-Palestinian hacktivist group in Malaysia) targeted the Middle east in mid-June, during an operation named #OpsBedil, with a series of attacks, including DDoS attacks

*Find out what the three fastest attack vectors for Q2 were by downloading the full report here.

Q2 Report


Please enter your comment!
Please enter your name here