32 Remarkable DDoS Statistics for 2021

Distributed Network Attacks can affect companies of any size, but they can target and debilitate internet shopping sites, hosting platforms, online casinos, and businesses that provide online services. 

Distributed Network Attacks are also referred to as Distributed Denial of Service (DDoS) attacks and they can be extremely damaging to a company’s reputation and wallet. 

DDoS are prevalent, and we have the stats to back it up. Here are the top 32 remarkable DDoS statistics that companies should beware of in 2021, as well as helpful information about DDoS attacks. 

The Top 2021 DDoS Trends

Legitimate users can’t access information systems, devices, or other network resources if under a targeted DDoS attack. Furthermore, these attacks are really hard to mitigate:

  • From 2014 to 2017, DDoS attack frequency increased by over 2.5 times. (Nexus Guard)
  • On average, a DDoS attack costs a company $20,000-$40,000 hourly. (Cox BLUE)
  • There were 52,500 DDoS attacks globally in 2020. (NSFocus)
  • DDoS attacks in 2020 generated 386,500 TB of traffic in total. (NSFocus)
  • Surprisingly, DDoS in 2020 decreased year-over-year (from 19.67% to 16.16%). (NSFocus)
  • In Q1 2021, the average size of DDoS attacks was 150Mbps. (Radware)
  • GitHub’s 2018 attack was the largest DDoS attack at 1.3 TBps. (vXchnge)

How Do DDoS Attacks Work?

A DDoS attack is when a hacker or system of hackers send multiple requests to a website to exceed the website’s request handling capability. This means that the website cannot function properly. In doing so, the normal requests made to that website are either extremely slow, not allowed, or completely ignored. 

As you can see, the hacker is trying to get a message across and “deny service” on a given website. 

Multiple distributed machines are coming together to attack a single host. And since network resources have a finite amount of requests that can be submitted simultaneously, they can easily be over-requested. 

The company or online services are therefore down during the attack so that they can’t get business. This can be incredibly damaging financially and to a business’s reputation. 

DDoS Attack Symptoms

DDoS attack symptoms are relatively easy to spot. The symptoms will first start to appear on the main hosting site and then trickle down to other sites. 

Primary symptoms include: 

  • Access to files on the targeted network (either remote files or local ones) is slow
  • Internet connection is destabilized or lost
  • You’re unable to access a website for a long period 
  • A significant increase in spam emails in a short amount of time

(Source: Norton)

Key DDoS Attack Statistics in 2021

DDoS attacks can be easy to instigate but difficult to mitigate. Here are some key DDoS attack statistics so that you can better understand this cybersecurity risk. 

1. In Q1 2021, the average size of DDoS attacks was 150Mbps.

(Source: Radware)

Radware reported a steady decrease in DDoS attack size, with Q1 of 2021 seeing a reduction down to 150Mbps from 315 Mbps in Q4 2020.

2. A 1.7TBps reflection/amplification attack, which occurred on March 5, 2018, was the biggest DDoS to date.

(Source: Ars Technica)

This incredible 1.7 TBps attack targeted an unnamed customer of a U.S.-based service provider. It was also unsuccessful!

3. On average, a DDoS attack costs a company $20,000-$40,000 hourly.

(Source: Cox BLUE)

That figure can even go up to $50,000! That’s roughly what the average American earns in a year.

4. Quarterly DDoS attack report finds Q1 2021 attack volume up dramatically

(Source: Radware)

2021 Q1 saw a range of large attacks in finance sectors, continuing off the ransom DDoS campaign that we saw in 2020. 

Extortionists were circling back to victims from early 2020 who did not pay the ransom. They reused attack research and increased the pace of their campaign to follow along with the Bitcoin value rates.

This increase was largely due to the amount of remote work that occurred because of the COVID pandemic. 

Understanding the Dynamics of DDoS Attacks

From large botnets to strategic attacks, each DDoS looks a little different. However, there are some commonalities that users can consider: 

5. 2021 Q1’s longest attack was 776 hours.

(Source: Kaspersky Lab)

That’s 32 days—or over a full month! Over one month of being restricted by a DDoS attack is definitely a long time; however, this is not necessarily normal for a DDoS attack. 

6. The majority of DDoS attacks in Q3 2020 (90%) lasted under 240 minutes, which is 4 hours.

(Source: Kaspersky Lab)

While we are seeing extremely long attacks, most of them are only a few hours. Even with these statistics, there were still five times the amount of ultra-long attacks (attacks that last for more than 140 hours) in Q2 2020. 

DDoS Attacks on Other Devices: Mobile Apps & Cloud

DDoS attacks don’t only occur on websites; they affect mobile apps and cloud-based services too. Organizations and hosting platforms need to also be considerate of the rate and demographics of DDoS attacks on other devices and Internet of Things devices as well. 

7. A large majority (80%) of banking apps and mobile e-commerce apps are vulnerable to DDoS attacks.

(Source: Appknox)

App technology is newer, and therefore contains a lot more vulnerabilities than websites do. Businesses need to be mindful of their app security, perform regular security tests and consider switching app platforms if they are at risk. 

Considering this statistic, we wouldn’t be surprised if DDoS mobile app attacks were on the rise in 2021 and 2022. 

8. 14% of hack attacks and data breaches on cloud services are DDoS attacks.

(Source: Procedia Computer Science)

DDoS is one of the top security threats for cloud computing. Luckily, top cloud companies like AWS have strong defensive capabilities against DDoS. This is extremely important considering the number of users who use that service. 

9. AWS Shield Standard, which protects Amazon CloudFront, detects and automatically mitigates over 99% of infrastructure layer attacks in less than 1 second.

(Source: AWS Shield)

Amazon CloudFront provides cloud services to millions of users globally, and a DDoS attack would not only affect individuals but organizations as well. Since Amazon has the largest server network in the world, it needs a powerful mitigation technique. AWS Shield Standard is extremely effective, and these statistics show that! 

Impressive DDoS Trends in 2021 and Future Years

DDoS trends are ever-changing. Given the rise in remote work due to the pandemic and the increased pressure on organizations to have higher cyber security, we will expect newer and more sophisticated DDoS trends in the future. 

10. In Q1 2020, there was a whopping 542% increase in DDoS activity compared to Q4 2019.

(Source: Nexus Guard)

While we saw a year-over-year decrease from 2020 to 2019, Q1 2020 saw a huge spike in DDoS activity. The beginning of 2020 recorded a 2.5 times increase compared to 2019 Q1 and an almost 4.5 times increase compared to Q4 2019.

The beginning of 2020 was when businesses began shifting to remote work due to the COVID pandemic. This, unfortunately, brought massive increases in cybercrime. 

Needless to say, DDoS activity and cybercrime activity will increase so long as remote work is on the rise. 

11. “UDP flooding” was the most popular attack type in Q4 2018 (19.7% of all attacks).

(Source: Kaspersky Lab)

A UDP flood attack is more complicated than the Transmission Control Protocol technique. UDP flooding includes using User Datagram Protocol, a connectionless computer networking protocol. Therefore, it is rather surprising to see this attack type rise at all. This trend could suggest more UDP flooding in the future, which may be harder for organizations to mitigate. 

12. HTTP misuse was the next most common attack type in Q4 2018 (6.4% of all attacks).

(Source: Kaspersky Lab)

HTTP misuse attack is the most widely regarded DDoS attack and is when hackers disguise their IP to make what appears to be legitimate HTTP get or post requests to overload the website or application. 

13. DoS and DDoS attacks are the most common type of cyber attacks.

(Source: Newrix)

While insider threats are categorized as most prevalent, DoS and DDOs attacks are the most common cyber attack types. They’re followed by MitM (Man-in-the-Middle), phishing and spear-phishing attacks, drive-by attacks, and password attacks.

Who Can Be Victim of a DDoS Attack?

DDoS attacks are major threats to the hosting industry and can greatly affect anyone who has an online website. Victims of a DDoS attack are usually large companies, companies with high competition, and companies in industries like online casinos, retail, and financial services. 

While a DDoS can attack small companies, they won’t usually feel a DDoS attack unless their hosting platform was affected. 

It can be difficult for victims to identify the source of the attack and protect themselves. Businesses should set up their best security defenses and data backups in the case that a DDoS attack happens to you or your host platform. 

Just about anyone can be a victim of a DDoS attack. Famous victims include: MasterCard, PayPal, Visa, GitHub, BBC, Bank of America/JP Morgan Chase/US Bancorp/Citigroup/PNC Bank, WordPress, the White House, the Federal Trade Commission, the Department of Transportation, and the Department of the Treasury.

Notable DDoS Attacks Demographics to Remember in 2021

China is a major hub for DDoS attacks:

14. China led DDoS attacks in Q3 2020. It was responsible for 70.20% of all attacks, increasing 20% in the last two years.

(Source: Kaspersky Lab)

Growth trends show that the U.S. was the second leading country (with 15.30%) and Hong Kong in third (4.47%).

15. China was also the most targeted country in the world, experiencing 72.83% of all attacks in Q3 2020.

(Source: Kaspersky Lab)

The U.S. and Hong Kong were second and third, respectively. 

16. GitHub, Dyn, BBC, and Bank of America/JP Morgan Chase/US Bancorp/Citigroup/PNC Bank are some of the biggest companies targeted by DDoS attacks in recent years.

(Source: vXchnge)

Companies of all sizes can experience a DDoS attack. With the right amount of protection and mitigation, businesses can more easily get out of a DDoS attack. 

The GitHub attack was the largest ever recorded (1.3 TBps) at that time. However, it only lasted 20 minutes. 

DDoS Attack Techniques in 2021

DDoS attacks grow in scale, complexity, and evolve naturally with market changes. However, for the most part, most DDoS attacks come from botnets. 

17. So far, the majority of botnet attacks have taken place in January, Q1 2021. 

(Source: Kaspersky Lab)

A botnet is “a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam messages.” Botnets are largely used for malicious attacks and in DDoS attacks. 

18. Memcached servers are extremely vulnerable and were one of the main reasons why GitHub’s 2018 attack was so crucial.

(Source: Kaspersky Lab)

Memcached is a way to store memory, usually “for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering” and unfortunately it makes for a vulnerable target. 

Memcached servers also make for a logical target; this is the type of server that GitHub used when they were attacked in February of 2018

Top DDoS Attack Deployment Tools

Hackers use sophisticated tools in order to execute a DDoS attack. This is due to the ability for sophisticated attacks to make money and the need for a high-powered software and system to be effective. 

Here are some stats around the top attack deployment tools in 2021:

19. Low Orbit Ion Cannon (LOIC) was one of the most popular free DDoS attack tools in 2019.

(Source: INFOSEC)

Low Orbit Ion Cannon (LOIC) is a free network stress testing and denial-of-service attack application. This application works by sending UDP, TCP, or HTTP requests to the victim server. Since anyone could, theoretically, access this software, it’s no surprise that it was one of the most popular free DDoS attacks tools in 2019. 

The hacker group Anonymous used LOIC to carry out some major DDoS attacks.

20. HULK (HTTP Unbearable Load King) remains to be an extremely popular DDoS attack tool in 2020.

(Source: Software Testing Help)

HULK, or HTTP Unbearable Load King, remains to be one of the most popular DDoS attack tools. It was created for research purposes and comes with the ability to bypass the cache engine, generate unique and obscure traffic, and generate a great volume of traffic at the webserver.

The Most Vulnerable Software and Content Management Systems (CMS) in 2021

Successful cyber crimes are largely attributed to exploited human error. DDoS taps into this, exploiting system vulnerabilities and human vulnerabilities to take down hosting platforms. 

Here are the two most vulnerable CMS in 2021. 

21. WordPress vulnerabilities led to 18 million users being affected by DDoS attacks in 2014. 

(Source: ASTRA)

73% of WordPress-based websites have vulnerabilities that can be exploited, and that’s exactly what happened in 2014 when 18 million users were affected. 

22. Drupal websites experienced a high volume of DDoS attacks in the first half of 2018. 

(Source: NSFOCUS)

It remains that Drupal websites, specifically in Europe and America, contain major vulnerabilities that DDoS attackers love to exploit. 

Famous DDoS Attackers

Considering that just about anyone can go online and download a DDoS attack tool, there are some who have made a name for themself. Not surprisingly, the most famous DDoS attackers are teenagers. 

23. 15-year-old American hacker Mafiaboy (Michael Calce) carried out a successful DDoS attack in 2001, taking down CNN, Dell, E-Trade, eBay, and Yahoo websites.

(Source: Cloudflare)

By hacking into several universities, he made use of their servers and performed a sleek DDoS attack through the Yahoo search engine, then the largest search engine in the world.

24. A British teen was hired to carry out the largest ever DDoS attack in 2013 against The Spamhaus Project.

(Source: Cloudflare)

The Spamhaus Project is an organization that helps combat spam emails and spam-related activity globally. The British teen simply had to drive traffic to the Spamhaus website at a rate of 300 GBps to destabilize them. 

25. 27 websites associated with the US Government were subject to a DDoS attack on US Independence Day in 2009.

(Source: Procedia Computer Science)

Departments included the White House, Federal Trade Commission, Department of Transportation, and Department of the Treasury. It’s clear that even the best security measures can’t stop a DDoS attack.

Can You Defend Against DDoS Attacks?

While extremely difficult, you can defend against a DDoS attack. As we will go into below, there are techniques, like having an established DDoS mitigation plan, that can set you up for success. 

Certain software can help you with DDoS attack defenses. A common software is SolarWinds, which is a Security Event Manager, can mitigate, prevent, and software DDoS attacks. This software monitors event logs from a range of sources to prevent DDoS from starting. 

Prevention is the key to stopping a DDoS attack. Once the attacker is able to maintain the traffic, then it can be hard to reroute them. 

Monitoring software enables you to track, consolidate, and review IDS/IP logs associated with known bad actors. When used in conjunction with a firewall and other security software, you can stay alert to anomalous behavior, block IPs, and shut down accounts quickly before the DDoS attack takes hold. 

Common Losses Companies Experience from DDoS Attacks

A continuous DDoS attack can be extremely damaging. And if a DDoS attack successfully targets a cluster of websites, then this could be devastating to many companies. Here are some common losses that companies experience from DDoS attacks. 

26. 20% of mid-sized companies (with 50 employees or more) have reported being the victim of at least one DDoS attack.

(Source: Kaspersky Lab)

One-fifth of medium-sized companies are likely to suffer an attack. If you’re in the telecoms, IT, and financial services industries, then you may experience a greater frequency of attacks.

27. The majority of DDoS attacks (50%) lead to a significant service disruption.

(Source: Kaspersky Lab)

The most significant issue associated with DDoS attacks is that they render websites inaccessible. 24% of attacks lead to services being completely unavailable. Depending on the business’s use of the website, this can lead to financial and trust-based losses. 

28. 12% of businesses feel that their competition started the DDoS attack. 

(Source: Kaspersky Lab)

It’s surprising to think, but many businesses that were attacked believe that DDoS attacks were started by a competing company. This might not be the case!

29. 7% of DDoS attacks on businesses last longer than a week.

(Source: Kaspersky Lab)

If you think of the downtime associated with DDoS attacks, just imagine how that downtime would feel if it lasted more than mere hours. DDoS attacks can last for days, weeks, even as long as a month. If you can’t stop the attack, then your main source of web traffic and revenue could be completely disrupted for a long time. 

30. On average, large companies lose $417,000 from DoS attacks.

(Source: Kaspersky Lab)

The biggest detriment of a DDoS attack is the financial losses. Large companies reported that DDoS cost them $417,000 on average, compared to small- to mid-sized businesses, which lost around $53,000. 

DDoS Defense Techniques Companies Should Use

While DDoS defense is rather difficult, there are security best practices that companies should use to best protect their data and company from a potential DDoS attack. 

Develop a Denial of Service Response Plan

It’s extremely important to develop a denial of services response plan. This will, at the very least, give you steps to take and guidance if your company is attacked. 

This should include: 

  • Assessing your current security situation
  • Creating a system checklist
  • Forming a response team
  • Creating and definition notification and escalation procedures
  • Having a list of contacts on hand in case of attack
  • Creating a plan to implement for company lockdown and mitigation

Secure Your Network Infrastructure With Cybersecurity Software

Secure your network infrastructure with: firewalls, VPN, anti-spam, content filtering, load balancing, employee monitoring, and other layers of DDoS defense techniques.

DDoS requires that you layer defense techniques to protect yourself. This includes defensive barriers so that attackers can’t get into your network during a DDoS or instigate one. It also includes other defense techniques so that your system can work on your behalf to prevent DDoS from occurring. 

Practice Network Security Best Practices

Basic network security is a requirement for every size business. This includes using challenging passwords, changing passwords regularly, and using anti-phishing methods, for example. 

Top DDoS Defense Tools Companies Use

Defense tools help companies to track, organize, and act on DDoS attacks!

31. Cloudflare’s multiple layer defense can help stop an attack. 

(Source: CBR)

Cloudflare’s layer 3 (the Network layer) and 4 (the Transport layer) protection can absorb an attack before it reaches the server. Its Application layer (layer 7) can also differentiate between malicious traffic and well-intentioned traffic.

32. You can get on-site and cloud DDoS protection through F5 Networks.

(Source: CBR)

F5 Networks also provides 24/7 customer support for DDoS attack mitigation. 

How to Protect Your Company from a DDoS Attack

With more than 2000 registered DDoS attacks daily globally, DDoS attacks are an inescapable fact of life. You can track DDoS attacks with this Digital Attack Map tool, as well, so you can see where a DDoS attack is happening in the world in real time. 

If you’re in the hosting industry, then understanding how DDoS attacks work and how you can protect yourself is a critical first step. You then need to set up defenses against these malicious attacks through event management software and employee monitoring software. 

With these remarkable DDoS statistics on your side, you may be able to protect your company and stop a DDoS attack before it occurs!

By SoftActivity Team.


 Ars Technica


 Kaspersky Lab 1




 Software Testing Help


 Kaspersky Lab 2




 Procedia Computer Science


 AWS Shield


 Nexus Guard

 Kaspersky Lab 3


October 25th, 2021