Insights & Trends of DDoS Attacks in 2020 on Azure

2020 was a rough year for the Azure DDoS Protection team in Microsoft. DDoS attacks has grown with 50% in 2020. We are all working from home and the internet traffic has exploded which makes it a lot easier for an attacker to launch a DDoS attack.

DDoS stands for Distributed Denial-of-Service and means that multiple machines are working together to attack one target. Since we all work from home we are all helping attackers to generate traffic and bring down services. Companies can hardly distinguish between a friendly visiter and a DDoS attack. Still, the Azure DDoS Protection team mitigated an average of 500 attacks a day. In Mars and April the number was even higher and around 800 to 1000 attacks a day.

The top targets are protocols that are used in IoT-connected devices such as DNS, NTP, CLDAP, WSD, SSDP, memcached, and OpenVPN. The top source that start DDoS attacks are the United States with 45%. Targets are Europe, Asia, and the US.

It’s also observed that many DDoS attacks are initiated to cover up bigger network intrusions. If you are victim of a DDoS attack, there might be going on something more.

• Source: Azure DDoS Protection—2020 year in review
• Components of a DDoS response strategy