2020 DDoS Attack Landscape Report – 1

2020 DDoS Attack Landscape Report – 1

abril 20, 2021 | Jie Ji

Executive Summary

In 2020, the total number of distributed denial-of-service (DDoS) attacks declined a little compared with 2019, probably attributable to effective governance and enhanced protection capabilities of Anti-DDoS products. Despite this, DDoS attacks intensified during the COVID-19 pandemic, especially for healthcare, government, and education sectors. January to April 2020 was a period when China was most severely hit by the pandemic and also a period when this country was most frequently targeted by DDoS attacks, mainly initiated by threat actors from countries outside China. The introduction of 5G networks enables great improvement in speed, capacity and latency. However, it also increased the bandwidth available for larger DDoS attacks. Small-sized DDoS attacks are no longer the mainstream. With the gradual adoption of HTTP 2.0, more and more vulnerabilities in this protocol have been disclosed, giving rise to new threats. While the percentages increased in the numbers of DDoS reflection attacks and reflectors, new types of reflection attacks emerged constantly. In terms of attack source IP addresses, China came in first with the most controlled attack sources. Over 20 million of a Chinese brand mobile phone were reduced to zombies, becoming accomplices of attackers. Compared with the previous year, more Internet of things (IoT) devices have been used in DDoS attacks because for attackers they are cost-efficient, easy to gain control, installed everywhere and increasing day by day.

Key Findings – 1

The Total Number and Traffic Volume of DDoS Attacks Declined in 2020

As of December 2020, we had detected 152,500 DDoS attacks, which generated 386,500 TB of traffic in total, a year-on-year decrease by 16.16% and 19.67% respectively. This, however, does not mean that we can sit back and take a break. As is known, decreases in the number and traffic volume of attacks are primarily due to anti-DDoS devices’ ever enhanced detection and protection capabilities that make their protection prompt and effective, discouraging attackers from pushing ahead, hence the premature end of attacks.

According to our statistics about the number and traffic volume of DDoS attacks from 2016 to 2020, while 2017 and 2018 were the years when DDoS attacks peaked, 2019 and 2020 were less eventful. But being less eventful does not mean peace in mind. Compared with utter darkness, evening skies illuminated with the shimmering afterglow are more easily to make people lose their way. While the 5G technology is rolling out, IoT devices and mobile devices are increasingly turned into zombies, becoming potential sources of attack traffic. New attack vectors will also be born out of new technologies, such as HTTP 2.0. From the past experience, we can infer that the current decline in DDoS attacks is just temporary and in future there will probably be more DDoS attacks peaking at even higher levels.


NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.