DDoS Regional Attack Trends
The long tail of COVID-19-driven attack activity is generally reflected across regional statistics, with significant increases in both attack frequency and duration that reflect the growth of complex, multivector attacks.
Indeed, EMEA experienced a 31-vector attack, the largest multivector attack yet seen. Aside from perennial chart toppers such as wired and wireless telecommunications, attackers continued to target key online industries such as cloud providers, online shopping, and streaming video and conference services, which all experienced increased attacks.
Attack frequency saw another six months of disproportionately strong growth, with Latin America (LATAM) showing a whopping 39 percent growth rate compared with 1H 2020. This is striking, considering that LATAM already showed 50 percent growth over the course of 2020. Indeed, LATAM showed disproportionate growth across all categories for the second report in a row, likely reflecting significant politically and ideologically motivated activity in the region.
Adversaries continued to launch increasing numbers of complex multivector attacks, with EMEA and APAC recording a new high-water mark in terms of vectors used in a single attack. Multivector attacks in EMEA, which recorded the 31-vector attack, grew by 29 percent compared with the same period in 2020. Even more telling, the use of 20-plus vector attacks skyrocketed. Whereas the largest multivector attack in 2020 clocked in with 26 attacks, the first half of 2021 went well beyond, with 15 attacks ranging from 27 to 31 vectors.
Three of the four regions experienced terabit-class attacks ranging from 1 Tbps to 1.5 Tbps. As a result, we saw significant percentage increases in maximum attack size year over year.
Regional attacks exhibited considerable variability in throughput; LATAM and APAC both saw throughput increase as attackers pumped up the packets per second in an effort to overwhelm network resources and applications. North America and EMEA, on the other hand, saw throughput numbers sink.
Attack durations increased across all regions, with significant growth in EMEA and APAC. This bucks the trend of the last 18 months toward shorter attacks and is a direct result of the proliferation of adaptive DDoS attack tactics.
Global Map of Regional Attacks
For the past several reports, we’ve analyzed the effect DDoS traffic has on global infrastructure. Given the record-breaking DDoS attack activity seen in the first half of 2021, we can expect to see some impactful peak spikes of aggregated DDoS traffic.
By digging into the details of global DDoS traffic by region, we were able to associate some of these aggregate traffic-per-minute spikes with actual events to illustrate the real-life impact of DDoS traffic. This provides a clearer understanding of how global campaigns and disparate attacks working in concert negatively impact a network or individual entities within that network.
Spotlight on Brazil and Angola
March 10, 2021
Nearly 50 local telecommunications providers in Brazil experienced attacks within a one- to three-minute window. The bulk of the attacks started simultaneously, suggesting that this was a coordinated, multitarget onslaught. Most of the attacks were smaller than 7 Gbps, with one exception reaching 221 Gbps. Attackers continued to launch successive attacks against the same targets for more than an hour.
The Peak DDoS Spike
At one point during the attack campaign, nearly 2 Tbps of aggregate DDoS traffic transited local ISPs in one minute, likely affecting significant amounts of bystander traffic in addition to the direct impact on the intended targets.
March 19, 2021
Over the course of six minutes, 81 separate DDoS attacks were launched against companies within the Internet Publishing and Broadcasting sector, primarily targeting a local TV provider in Angola. These short-lived attacks averaged 7 minutes per attack, with durations ranging from 2 minutes to 19 minutes.
The Peak DDoS Spike
The TV provider experienced approximately 1.4 Tbps of peak DDoS attack traffic over a one-minute time span.
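The two spotlights rest on the same analysis: summing attack traffic per minute across a region and noticing attacks on many targets that start within a few minutes of each other. The Python below is an added example, not the report's own tooling; the record layout, function names, thresholds and sample alerts are all constructed assumptions, and each attack is counted at its peak rate for every minute it is active, which gives an upper bound on aggregate load.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ts(hhmm):
    """Constructed helper: a time on an arbitrary sample day."""
    return datetime.strptime("2021-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample alerts (not data from the report):
# (target, start, duration in minutes, peak Gbps)
ALERTS = [
    ("isp-a", ts("14:00"), 10, 5.0),
    ("isp-b", ts("14:01"), 8, 6.5),
    ("isp-c", ts("14:01"), 12, 221.0),
    ("isp-d", ts("14:02"), 5, 3.0),
    ("isp-a", ts("14:20"), 6, 4.0),   # successive attack on the same target
    ("isp-e", ts("16:30"), 4, 2.0),   # unrelated later attack
]

def per_minute_aggregate(alerts):
    """Sum the peak Gbps of every attack active in each minute (upper bound)."""
    load = defaultdict(float)
    for _target, start, minutes, gbps in alerts:
        for i in range(minutes):
            load[start + timedelta(minutes=i)] += gbps
    return dict(load)

def peak_minute(alerts):
    """Return (minute, aggregate Gbps) for the first minute with the highest load."""
    load = per_minute_aggregate(alerts)
    minute = max(load, key=load.get)
    return minute, load[minute]

def coordinated_onsets(alerts, window_min=3, min_targets=3):
    """Group attacks starting within window_min of the group's first start;
    keep only groups that hit at least min_targets distinct targets."""
    groups, current = [], []
    for alert in sorted(alerts, key=lambda a: a[1]):
        if current and alert[1] - current[0][1] >= timedelta(minutes=window_min):
            groups.append(current)
            current = []
        current.append(alert)
    if current:
        groups.append(current)
    return [g for g in groups if len({a[0] for a in g}) >= min_targets]

if __name__ == "__main__":
    print("peak minute:", peak_minute(ALERTS))
    for group in coordinated_onsets(ALERTS):
        print("coordinated onset:", sorted({a[0] for a in group}))
```

The onset grouping is what separates a multitarget campaign from background noise: the later single-target alerts in the sample fall outside the window and are not reported as coordinated.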