An Updated Guide to DDoS Attacks

Distributed denial-of-service attacks are growing in size, frequency and type; learn what organizations can do to protect their digital infrastructure

Martin Atkinson
An Updated Guide to DDoS Attacks

As the global economy becomes more distributed and digital, enterprise and public sector organizations today are more reliant upon the availability and performance of their network, cloud and IT infrastructure than ever before. Many organizations simply could not exist without the digital assets and connectivity underpinning their business.

In particular, day-to-day activities such as commercial transactions, customer engagements, post-sales support, distributed workforce, and supply chain management depend upon internet access, and it’s absolutely essential for organizations to ensure A) the availability of their internet connectivity and B) the security of their cloud and IT infrastructure. There is a constant need for up-to-date understanding of the current common internet threats organizations face and the optimized security posture required to minimize vulnerabilities.

To highlight some of the important issues around internet security, I wrote a blog back in 2020 that focused on distributed denial-of-service (DDoS) attacks. Since that last blog, cyberattacks against internet-exposed digital and physical infrastructure have continued to grow in frequency, scale and duration[1], impacting both private businesses and public sector organizations. Meanwhile, Akamai reports that the diversity of protocol attack vectors employed by cybercriminals and attackers has also grown considerably.[2]

Equinix Fabric™ Provides Fast, Reliable Cloud Connectivity with Advanced Security for Leading Japanese Internet Bank

Online-only bank replaces its legacy on-premise system with Platform Equinix® and Equinix Fabric™ to benefit from the cloud while meeting stringent security requirements, all with a short lead time.

Download now
Screen Shot 2022-08-10 at 7.33.11 AM

DDoS attacks continue to grow in frequency, size and vector type

Now is a good time to revisit the topic of denial-of-service attacks, and briefly explore what has changed and what hasn’t. The number of DDoS attacks worldwide exceeded 10 million annually for the first time during 2020.[3] 2021 saw a slight decline in that number, but DDoS attacks remain more common now than they were before COVID-19.

In addition, data from Cloudflare[4] shows that in Q2 2022, DDoS attacks were up considerably at both the application layer (72% increase YoY) and the network layer (109% increase YoY). While Cloudflare found that the U.S. was the country most likely to be targeted by DDoS attacks, the graphs below reveal that no organization should consider itself safe based solely on its geographic location.

DDoS attacks come in many varieties and sizes

Cybercriminals launch DDoS attacks for many different reasons; financial gain is the most prevalent motivation, but not by any means the only one. A Cloudflare survey found that approximately 20% of organizations experiencing a DDoS attack received an associated demand for ransom payment or other threat. In addition, Zscaler found that ransomware and extortion attacks increased 80% YoY in 2022.[5]

However, politically motivated DDoS attacks are also on the rise. The recent events in Ukraine have led to an ongoing increase in government-sponsored cyberattacks from Russia and counterattacks from Ukraine’s international supporters. The DDoS attacks against Ukraine have mainly been directed at public broadcast and media companies, while those against Russia are most often targeted at banking, financial services and cryptocurrency companies.

Although these attacks are centered in one particular region, the wider implications for enterprises and governments in other parts of the world should not be ignored. The National Cyber Security Centre (NCSC) has warned organizations in the U.K. to prepare for an extended period of heightened threats due to the Russia-Ukraine conflict, and has offered guidance on how to maintain a strengthened security posture while also avoiding staff burnout.[6]

The scale of the largest DDoS attacks continues to grow, driven by new types of botnets. In November 2021, Microsoft Azure successfully mitigated the largest DDoS attack ever recorded, at 3.45 Tbps of throughput.[7] While these kinds of super-attacks get a lot of attention in the press, they remain relatively rare. As the graph below shows, more than 95% of the 13.9 million DDoS attacks Cisco predicts for 2022 [8] will be less than 500 Mbps. However, these smaller attacks can still be very harmful to organizations with poor security postures and unprotected internet-exposed assets.

Choosing the best interconnection method on Platform Equinix

The threats presented by DDoS attacks are constant and always evolving. To help our customers build a security posture that protects against those threats, we at Equinix have evolved our interconnection product portfolio in step.

From the earliest days Equinix has promoted and nurtured public internet services in our facilities, but in later years we have invested significantly in evolving private interconnection services for our enterprise customers. By choosing the right combination of public internet and private interconnection for their many different use cases, our customers can operate a globally distributed architecture that reliably and securely moves data where it’s needed and protects digital infrastructure, even in the face of increasing DDoS attacks.

The diagram above illustrates the Equinix interconnection perspective. There should be a clear division between:

  • Public internet services that deliver consumer services such as streaming, short and long-form video content, gaming, social media, mobile apps, email, and more.
  • Private interconnection services supporting enterprise-grade applications such as sensitive data exchange, hybrid or multicloud workloads, edge computing and management of critical (possibly national) infrastructure.

The consequences of a denial-of-service attack on enterprise-grade applications or critical infrastructure may be dire, even existential, for an organization. Connecting such assets privately reduces exposure of the “attack surface” to the public internet. The black line through the center of the diagram represents a zero-trust security posture that separates private services from public services. It is there to ensure that private assets remain private, and that critical IT infrastructure is protected against cyberattacks.

Equinix Fabric™ is a global on-demand digital services provisioning platform that supports private distributed IT and network infrastructure for many of our enterprise and government customers. It can play a key role in helping these customers protect themselves against DDoS attacks and other internet vulnerabilities. For instance, customers can use Equinix Fabric to create geo-redundant multicloud infrastructure, allowing them to failover seamlessly if access to assets and workloads in one location is ever compromised.

In addition, Equinix Fabric offers our customers access to an ecosystem of industry-leading security service providers. These providers offer geo-diverse DDoS mitigation services and AI-enabled traffic filtering, which help ensure that only “clean” traffic passes through to the enterprise network, and that there is no single exposed internet gateway for cybercriminals to attack.

Take the first step toward protecting against internet vulnerabilities

Avoiding unnecessary exposure of critical IT and network infrastructure to the public internet by design should be a standard security consideration.[9] Internet security service providers play a key role in protecting the cloud and IT infrastructure that organizations have come to rely on. At Equinix, we’re proud to host and partner with all major security providers, making their services available to more customers in more places.

For a closer look at how Equinix helped one customer implement private interconnection services to shield its infrastructure from unnecessary exposure to the public internet, read the SBI Sumishin case study. With Equinix Fabric and other digital services on Platform Equinix, this Japanese bank can now connect to the cloud quickly and reliably, all while meeting the stringent security requirements of the financial services sector.



[1] F5 Labs, “2022 Application Protection Report: DDoS Attack Trends

[2] Akamai, “The Relentless Evolution of DDoS Attacks

[3] Netscout, “DDoS Attacks in 2020

[4] The Cloudflare Blog, “DDoS attack trends for 2022 Q2

[5] Zscaler, “Zscaler ThreatLabz 2022 Ransomware Report Reveals Record Number of Attacks and Nearly 120% Growth in Double Extortion Ransomware

[6] National Cyber Security Centre, “NCSC urges organisations to prepare for the long haul on Russia-Ukraine”

[7] A10 Networks, “Five Most Famous DDoS Attacks and Then Some

[8] Cisco Annual Internet Report (2018-23) White Paper

[9] National Cyber Security Centre, “Vulnerability Management

Avatar photo
Martin Atkinson Senior Manager of Peering and Interconnection EMEA
Subscribe to the Equinix Blog