Compared to previous years, DDoS attacks have become more powerful and complex. Simultaneously, we are seeing an increase in the duration of DDoS attacks. This is evident from the 2020 DDoS data report by NBIP, which manages the National Anti-DDoS Scrubbing Center (NaWas). NBIP publishes quarterly reports and an annual report on DDoS attacks observed in the NaWas. The new annual report is available for download as of today.
In 2020, we observed several notable developments. DDoS attacks became more complex, powerful, and lasted significantly longer compared to attacks in 2019. The maximum power of a DDoS attack was 200 Gbps, compared to 124 Gbps and 68 Gbps in the two previous years. Additionally, NaWas recorded the longest DDoS attack ever, lasting 20 days and 6 hours. In 2019 (1 day and 12 hours) and 2018 (1 day and 4 hours), the longest DDoS attacks were much shorter.
The most common attacks were DNS Amplification and LDAP Amplification. They were particularly powerful and largely targeted at internet service providers and large enterprises. In the last three months of 2020, we saw an increase in the number of technically more complex attacks: the so-called carpet bombing. In August, powerful attacks on the infrastructures of internet service providers began and continued. These were exceptionally powerful attacks with a capacity of up to 167 Gbps and lasted longer than 4 hours.
1610 attacks in 2020
The increasing duration, complexity, and scale of DDoS attacks fit into a trend that has been ongoing for several years. “In 2018 and 2019, we recorded 938 and 919 attacks respectively. In 2020, that number rose to a staggering 1,610. This represents a significant increase in the number of attacks in just one year,” says Octavia de Weerdt, General Director of NBIP. “This trend continues this year as well. In the first quarter of 2021, we have already observed more attacks than in half of 2020, with the most powerful attack having a magnitude of 300 Gbps.”
Despite the increase in the number, duration, and complexity of DDoS attacks, we’re not doing so badly in the Netherlands compared to other countries. “With our advanced anti-DDoS platform NaWas, which we have set up together with participating internet service providers and several other large organizations, we are very well equipped to adequately repel even very powerful and complex DDoS attacks. This has allowed us to prevent a lot of economic damage by enabling companies and remote workers to continue working undisturbed,” explains De Weerdt.
Collective defense via NaWas
NaWas was launched in 2014 as a collective defense against DDoS attacks. Many hosting providers and other online service providers use the collective scrubbing center. Throughout its existence, the scrubbing center has successfully mitigated thousands of DDoS attacks. In this process, the polluted traffic from the attacker(s) is separated from the ‘clean’, legitimate traffic. This clean traffic is then routed back to the participant via a separate connection through an internet exchange. This way, the systems of NaWas participants remain available to users.”
This translation maintains the structure and content of the original Dutch text, providing a comprehensive overview of the DDoS attack trends in 2020 and early 2021, as well as information about the NaWas anti-DDoS system in the Netherlands.
