Telia Carrier says largest 2020 DDoS attack was 50% bigger than 2019

illustration of closed padlock on digital background representing cybersecurity
It was found that attack traffic mirrored the main spring and autumn Covid lockdowns that took place in the U.S. and Europe. (ranjith ravindran/Shutterstock)

Telia Carrier found that distributed denial of service (DDoS) attacks continued to increase in size and scale in 2020.

According to findings from its new DDoS Threat Landscape Report — based on traffic data observed on its internet backbone — Telia Carrier found the largest attack in 2020 hit 1.18 Tbps, up 50% from the previous year. In terms of packets-per-second, the size of the largest attack reached 887 Mpps. 

The Telia Carrier 2021 DDoS Threat Landscape Report is a snapshot of the company’s monitoring and mitigation efforts to protect customers across its global network, which connects more than 700 cloud, security and content providers across 125 countries.

In 2020, Telia Carrier cleaned 57 Petabits or 14 tera packets of malicious data, the equivalent of 1.5 million DVDs. During the same period, the average size of a DDoS attack was 19 Gbps (23 Mpps), with an average duration of 10 minutes.

It was found that attack traffic mirrored the main spring and autumn Covid lockdowns that took place in the U.S. and Europe. 

Telia Carrier chart

The report also found that with an overall rise in available network capacity, cyber criminals are increasingly targeting their victims with high intensity attacks, rather than simply congesting client links. And attacks were constant and affected customers throughout the week. There were no “safe” days.

Carpet bombing DDoS attacks increase

Carpet Bombing DDoS attacks target a range of addresses or subnets, which can contain hundreds or even thousands of destination IP addresses.

Telia Carrier’s research found that carpet bombing is on the increase. “A clear trend has been seen of larger, coordinated attacks from multiple sources toward dynamically changing hosts within a target network,” stated the report. “Previously this attack type was seen in severe, but isolated cases, but this activity is now more consistent and sustained."

“The rise of carpet bombing as a popular attack vector and a dramatic increase in peak attack traffic are two important reasons why organizations need to move to automatic threat mitigation techniques,” said Jorg Dekker, head of internet services at Telia Carrier.