At the same time that record breaking DDoS attacks were making headlines last year, often undetected micro floods were making a showing of their own, according to a new report by Radware.

The new report reviews the biggest cybersecurity events in 2021. It also provides detailed insights into DDoS and web application attacks as well as unsolicited network scanning trends.

Radware’s report shows that between 2020 and 2021, micro floods (less than 1Gbps) and application-level attacks jumped nearly 80% higher, followed by midsized attack vectors, which rose 39%. In contrast, the number of attack vectors larger than 10Gbps dropped 5%.

Quarterly number of micro flood attacks.

The report underscores that cybercriminals are shifting their attack patterns and starting to leverage more small and midsize attacks as well as target the application in denial-of-service attacks. It’s an indicator that malicious actors are getting smarter, more organized and more targeted in pursuing their objectives — whether that be for money, fame or a political cause. It’s also a warning for security leaders.

By combining a large number of micro floods or adding micro floods to a mix of midsized and large attack vectors, bad actors can significantly increase the complexity of their attack campaigns. They can make mitigation harder by forcing organizations to constantly adapt their policies.

The top attacked industries in 2021 were gaming and retail, each accounting for 22% of the attack volume on a normalized basis. These two industries were followed by the government (13%), healthcare (12%), technology (9%), and finance (6%).

The report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat research team.

Read the full report by Radware.