2021 Had Very High Numbers of DDoS Attacks on the Healthcare Sector

A new Comcast Business report shows that 2021 had 9.84 million Distributed Denial of Service (DDoS) attacks reported, which increased by 14% from 2019, albeit somewhat lower than the prior year with 10.1 million attacks.

The minor decline in attacks was because of a few factors. 2020 was a remarkably awful year because it was a complete lockdown year. Employees were working remotely and students were learning from home. Attackers had a distinctive setting that allowed the launch of an unparalleled number of DDoS attacks. The high costs of cryptocurrencies in 2021 meant that numerous threat actors diverted their botnets from performing DDoS attacks to mining cryptocurrencies.

In 2021, 73% of DDoS attacks were carried out on just four industries – government, healthcare, education, and finance. Attackers followed seasonal trends and activities all through the year, with education getting attacked in accordance with the school year, and COVID-19 and vaccine availability encouraged DDoS attacks on the healthcare sector.

Multi-vector attacks rose by 47% in 2021. Comcast Business DDoS Mitigation Services secured clients against 24,845 multi-vector attacks directed at layers 3, 4, & 7 (Network, Transport & Application) at the same time. 69% of Comcast Business users were impacted by DDoS attacks in 2021, increasing by 41% from 2020, and 55% of Comcast Business customers encountered multi-vector attacks aimed at layers, 3, 4, & 7 concurrently. There was additionally a big increase in the number of vectors utilized in multi-vector attacks, growing from 5 in 2020 up to 15 in 2021, with the amplification methods in the attacks escalating from 3 to 9.

DDoS attacks send traffic to victims’ networks to render them unusable, and although attacks are usually performed only for that reason, it is typical for DDoS attacks to be done to distract companies and use resources while the attackers do other nefarious activities. There exists a good link between DDoS attacks and security breaches. Based on a Neustar survey, about half of businesses (47%) that encountered a DDoS attack found a virus within their networks following the attack, 44% stated malware was triggered, 33% claimed a network breach, 32% claimed customer information theft, 15% experienced a ransomware attack, and 11% were affected by financial theft.

The most serious attack that happened in 2021 was a 242 Gbps DDoS attack, which is sufficient to saturate even high bandwidth Ethernet Dedicated Internet (EDI) circuits in just minutes. The extent of attacks has expanded and development has been determined to be where threat actors carry out low-volume attacks to remain under the radar of IT teams and prompt damage on several levels. This strategy can break down website performance, yet the attacks are frequently not noticed by IT groups, who just find out they were targeted when they commence receiving complaints from clients.

DDoS attacks are not costly to execute, costing only a few dollars, though for a couple of hundred dollars massive attacks may be performed that can cripple companies. DDoS attacks could be unbelievably expensive for organizations. The attacks could prevent businesses from reaching their customers and meeting SLAs, and the attacks may lead to damaging financial and reputational harm. In certain instances, the damage is very severe that companies were pressured to permanently close. For organizations that rely on accessibility, every single minute of downtime can result in losses even up to millions of dollars.