Final Thoughts

Despite the drop in overall attack numbers, there’s no question that attackers haven’t halted their war against corporations, service providers, or connected consumers. In fact, they’ve become even more entrenched, sharpening their skills with new strategies and mastering techniques to ensure the biggest payday from their extortion efforts. Likewise, attackers continue to add to their tactical playbook, strengthening their botnet armies and running drills using DDoS-for-hire services.

Attackers launched three high-profile DDoS extortion campaigns in 2021—a first-time victory upon which they undoubtedly will continue to build, given that just one of those attacks resulted in at least $9 million in revenue loss. And triple extortion attacks continue to reap massive rewards for attackers, who are constantly innovating and placing new targets in the crosshairs.

In many cases, attackers are targeting organizations and service providers that have been lulled into a false sense of security because they aren’t the usual targets. But the fact that attackers haven’t focused as much attention on a particular vertical in the past in no way signals that they won’t do so in the future. Indeed, attackers recognize that such companies likely haven’t been as stringent in securing networks as they should have been, making them lucrative targets.

So although it’s great to see attacks decrease to prepandemic levels, making security decisions without considering the big picture is a matter of winning the battle but losing the war.