{"id":8229,"date":"2021-01-21T09:20:36","date_gmt":"2021-01-21T09:20:36","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/04\/02\/post_id-2752\/"},"modified":"2026-04-10T08:23:16","modified_gmt":"2026-04-10T08:23:16","slug":"ddos-attacks-surpass-10-million-mark-for-the-first-time-in-2020","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2021\/01\/21\/ddos-attacks-surpass-10-million-mark-for-the-first-time-in-2020\/","title":{"rendered":"DDoS Attacks Surpass 10-Million Mark for the First Time in 2020"},"content":{"rendered":"

For the first time since the dawn of the internet, the annual number of DDoS attacks has exceeded 10 million. Germany was the target of the largest EMEA-region attack.<\/strong><\/p>\n

 <\/p>\n

The
\nATLAS Security Engineering and Response Team (ASERT) of NETSCOUT<\/a>
\nrecorded 10,089,687 Distributed-Denial-of-Service (DDoS) attacks in 2020 – nearly 1.6 million more than the 8.5 million attacks observed in 2019. In Germany alone, 445,000 DDoS attacks were recorded last year, up from 162,000 in 2019. This included the largest EMEA-region attack ever observed, peaking at 586 Gbps.<\/p>\n

Network services provider NETSCOUT has now distilled the most critical insights.<\/p>\n

\"securitytoday-DDoS-2020\"

DDoS attacks surged globally during the first lockdown in early March, according to the report. Source: iStock \/ Anastasiia_New<\/p><\/div>\n

Remote Work Environments & Lockdowns: A Cybercriminal\u2019s Paradise<\/strong><\/p>\n

Cybercriminals exploited the shift from corporate networks – protected by enterprise-grade firewalls – to home-office setups secured only by consumer-grade networking devices. By more than doubling the number of readily available IoT-specific malware samples, attackers dramatically accelerated the pace of DDoS activity.<\/p>\n

Monthly DDoS attacks consistently surpassed 800,000 starting with the March 2020 lockdown. May saw the highest volume, with 929,000 DDoS attacks<\/a>. Cable and wireless broadband providers bore the brunt of these attacks. Other top targets included critical infrastructure sectors such as e-commerce, online learning, and healthcare.<\/p>\n

Financial Services & Healthcare Under Siege<\/strong><\/p>\n

In mid-August, the threat actor Lazarus Bear Armada (LBA) launched a global, ongoing campaign of DDoS extortion attacks. According to ASERT, the campaign persists because victims failed to pay the original ransom demand. While LBA initially targeted financial services, cybercriminals quickly expanded their focus to major healthcare organizations – including firms involved in COVID-19 testing and vaccine development.<\/p>\n

As the COVID-19 pandemic extends into 2021, threat actors will inevitably identify and exploit new attack vectors targeting vulnerabilities exposed by the global crisis. It is essential to continuously reassess the status quo of deployed security solutions – and adapt them proactively to evolving threats.<\/p>\n

 <\/p>\n

 <\/p>\n

Key Facts<\/h2>\n

Damage Volume:<\/strong> Cybercrime causes over \u20ac8 trillion in global damages annually.<\/p>\n

Skills Shortage:<\/strong> More than 3.5 million cybersecurity professionals are missing worldwide.<\/p>\n

Frequently Asked Questions<\/h2>\n

What are the most common cyber threats facing businesses?<\/h3>\n

According to the BSI (Federal Office for Information Security) Situation Report, ransomware, phishing, DDoS attacks, and supply-chain compromises rank among the most frequent threats. German companies face additional regulatory risks – including GDPR and the upcoming NIS2 Directive.<\/p>\n

How much should a company invest in cybersecurity?<\/h3>\n

Industry experts recommend allocating 10 to 15 percent of the IT budget to cybersecurity. According to Bitkom, German companies average 14 percent. Crucially, it\u2019s not just the amount – but the strategic distribution across prevention, detection, and response – that matters.<\/p>\n

Does every company need a CISO?<\/h3>\n

Not every organization requires a full-time Chief Information Security Officer – but every company must assign clear, board-level accountability for IT security. SMEs can leverage external or virtual CISOs (vCISOs). With NIS2, management accountability for cybersecurity becomes legally mandated.<\/p>\n

Related Articles<\/h2>\n