• DDoS

The Beat Goes On

Record-breaking DDoS activity surged into the first quarter of 2021.

Quarterly DDoS Update
by Carol Hildebrand on


The 2H2020 Threat Intelligence Report correctly predicted that 2020’s record-breaking distributed denial of service (DDoS) attack activity would follow the COVID-19 pandemic into 2021. While we generally love being right, this is not one of those times.
According to research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.  That’s an extraordinary number in several ways: 

  • If this activity holds, we are on a trajectory that blows right by the unprecedented 10-million attack threshold recorded in 2020.
  • The first two months of the year are usually the slowest months in the DDoS attack calendar. This year, we saw 972,000 attacks in January, which eclipses the record set last May for the largest number of attacks yet seen in one month. 
  • All three months of the first quarter surged over the 900,000-attack mark—just as we were getting used to the new baseline of 800,000 attacks per month. 

Given those numbers, it seems clear that the “up and to the right” mantra is likely to hold for quite a while yet. 

DDoS Attacks: First Quarter 2021

  • Total attacks: 2.9 million
  • 31% increase year over year
  • Max size: 480 Gbps
  • Max throughput: 675 Mpps
  • Top attack type: 
    • UDP (this encompasses all 30+ UDP Reflection/Amplification DDoS Vectors we track)

Several other things jumped out from our comparison of the Q1 2021 stats with those of 2020. Attack size remained relatively flat, with no massive terabit attacks observed. Meanwhile, attackers continue to find value in pouring on faster, more difficult-to-mitigate attacks. Adversaries ratcheted up throughput considerably, as the max throughput recorded increased 71% compared with Q1 2020. Attackers also seem to be homing in on a duration sweet spot of five to ten minutes, used by 42% of attacks. Attacks under five minutes dropped from 24% to 19%, while longer-duration attack numbers did not change appreciably. 

Finally, we examined activity targeting pandemic lifeline industries such as ecommerce, online learning, and healthcare, which all experienced increased attention from malicious actors in 2020.  Judging from attack numbers over the past three quarters, these areas largely remain targets, although there are fluctuations. 


Healthcare organizations experienced about 7,000 attacks in the third quarter of 2020, 10,000 attacks in the fourth quarter, and 8,400 attacks in the first quarter of 2021. That Q1 number represents a 53% increase year over year.


We saw a 41% jump in attacks on educational services over the past three quarters: 32,000 attacks from July-September 2020, 39,000 attacks from October-December, and 45,000 attacks in the first quarter of 2021. 

Online services  

Although still high relative to non-pandemic quarterly numbers, activity in Other Information Services (a sector inhabited by companies such as Netflix and Zoom) has declined by 20% over the past three quarters, from 74,000 attacks in the third quarter of 2020 to 59,000 attacks in Q1 2021. 


As we know, adversaries thrive on constant innovation. Attacks will only grow more complex, and threat actors will continue to discover and weaponize new attack vectors designed to exploit the vulnerabilities exposed by this enormous digital shift. It is imperative that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world.