The number of DDoS attacks in the first quarter of 2021 fell just 2% on the figure for the fourth quarter of 2020. But attack volumes increased by 31%.
Radware said the largest recorded attack in the first quarter of 2021 was 295Gbps, compared with 260Gbps in the fourth quarter of 2020.
Furthermore, the number of major attacks (10Gbps or more) tripled in the first quarter.
Another change is that attacks on back-end infrastructure occurred more frequently during weekday business hours, affecting day-to-day operations such as access to cloud-based applications, and also on-premises systems by employees working at home or in branch offices.
Radware found attackers have begun targeting the backend of the communication infrastructure of organisations, as they can disrupt a branch or even the entire organisation with a comparatively small amount of attack bandwidth.
Interrupting or affecting the performance of the remote access infrastructure had an increased impact on the organisations' productivity during the pandemic.
Radware also found that attackers were revisiting previous targets.
According to Radware director of threat intelligence Pascal Geenens "By the end of 2020, the extortionists started circling back to earlier victims who did not pay ransom in earlier attempts, reusing their attack research and increasing the pace of their campaign to benefit from the surging Bitcoin value."
Changes were observed in attack patterns for different sectors.
The quarter started with attacks on biotechnology and pharmaceutical attacks, but attention later shifted to hospitals.
Finance organisations were initially hit with infrequent, high-volume attack, but the pattern changed to smaller, more frequent global attacks in March.
The highest-volume attacks on government occurred in February and March 2021.
Radware's report is available here (registration required).