In March of 2021, Cloudflare introduced our autonomous edge DDoS (Distributed Denial of Service) protection system and explained how it is able to drop attacks at wire speed without impacting performance. It runs at our network’s edge, analyzes traffic asynchronously to avoid impacting performance, and pushes mitigation rules in-line immediately once attacks are detected. All of this is done autonomously, i.e., without requiring centralized consensus.
This report comprises DDoS insights and trends that are based on attacks that Cloudflare’s systems mitigated during the first quarter of 2021. When we analyze attacks, we calculate the “DDoS activity” rate, which is the percentage of attack traffic out of the total traffic (attack + clean). This allows us to normalize the data points and avoid biases towards, for example, a data center that sees more traffic and therefore also more attacks.
Report highlights include:
Network-layer DDoS attacks
• On the Cloudflare network, the highest DDoS activity was observed in data centers in Rwanda, China, and Brunei.
• Almost 44% of all of the attacks in Q1 2021 occurred in January.
• Top emerging threats include attacks targeting Jenkins and TeamSpeak 3 servers, which increased by 940% and 203% QoQ, respectively.
• Additional emerging threats include floods of QUIC version negotiation packets that may have been an attempt to disrupt Cloudflare’s infrastructure.
Application-layer DDoS attacks
• In Q1 2021, most HTTP attack traffic originated from China. Following closely was the US. The runners-up were Malaysia, India, Brazil and Germany.
• The telecommunications industry was the most attacked in Q1 2021.
• The top three attacked industries include Telecommunications, Consumer Services, and Security and Investigations.
• The most attacked Internet properties were of companies based in China, the US, and Morocco.