NETSCOUT Threat Intelligence Report: Attackers Embrace Innovative Techniques, Launching 9.7M DDoS Attacks in 2021. Ransomware groups, DDoS-for-hire services, and server-class botnet armies are making more sophisticated attacks easier to launch.
NETSCOUT announced the results of its semi-annual Threat Intelligence Report. In the second half of 2021, cybercriminals launched approximately 4.4 million distributed denial of service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million. This represents a 3% decrease from the record number seen at the peak of the pandemic, but the number of attacks remains 14% above pre-pandemic levels.
DDoS – no relief in sight
The report details how powerful botnet armies emerged in the second half of 2021 and shifted the balance between volumetric and direct attacks (so-called direct-path or non-spoofed attacks), resulting in more complex attack vectors and giving attackers an arsenal of new tactics, techniques and methods for their activities.
"While it may be tempting to think of the drop in overall attacks as a scaling back in attacker efforts, we've seen significantly higher activity compared to pre-pandemic levels," said Richard Hummel, Threat Intelligence Lead at NETSCOUT. "The reality is that these attackers are constantly developing and adapting new techniques, including the use of server-class botnets, DDoS-for-hire services, and proliferating direct-path attacks, which are constantly evolving the threat landscape."
NETSCOUT 2H2021 Threat Intelligence Report: Other Key Findings
- DDoS extortion and ransomware operations are still on the rise. That three high-profile DDoS extortion campaigns were carried out simultaneously marks a new high. Ransomware groups such as Avaddon, REvil, BlackCat, AvosLocker and Suncrypt have been observed using DDoS to extort their victims. Having had great success with this, ransomware groups are now increasingly using DDoS extortionists posing as partners, such as in the recent REvil DDoS ransomware campaign.
- VoIP services are the target of DDoS extortion attacks. Global DDoS extortion attacks by REvil copycats targeted multiple VoIP service providers. One VoIP service provider reported $9M to $12M in lost revenue due to DDoS attacks.
- DDoS-for-hire services make attacks easier. NETSCOUT examined 19 DDoS-for-hire services and how they eliminate the technical requirements and costs of massive DDoS attacks. Together, these for-hire services offer more than 200 different types of attacks.
- Attacks in Asia Pacific rose 7%, while other regions saw a decrease. With ongoing geopolitical tensions in China, Hong Kong and Taiwan, Asia-Pacific has witnessed the sharpest rise in attacks compared to other regions.
- Server-class botnet armies have arrived. Cybercriminals have not only increased the number of Internet of Things (IoT) botnets, but also recruited powerful servers and high-capacity network devices, as demonstrated by the GitMirai, Meris, and Dvinis botnets.
- Direct attacks are becoming increasingly popular. Attackers flooded organizations with TCP- and UDP-based floods, also known as direct-path or non-spoofed attacks. At the same time, the total number of attacks decreased as some amplification attacks declined.
- Attackers focus on specific industries. The hardest hit are software manufacturers (up 606%), insurance agencies and brokers (up 257%), computer manufacturers (up 162%) and colleges, universities and trade schools (up 102%).
- The fastest DDoS attack was 107% faster than last year's. Using DNS, DNS amplification, ICMP, TCP, ACK, TCP RST, and TCP SYN vectors, the multi-vector attack against a target in Russia recorded 453 million packets per second.
NETSCOUT's Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It includes data collected by NETSCOUT's Active Level Threat Analysis System (ATLAS™) and insights from NETSCOUT's ATLAS Security Engineering & Response Team.
The insights from the global DDoS attack data presented in the Threat Intelligence Report and viewable in the Omnis Threat Horizon portal form the basis of the ATLAS Intelligence Feed, which is used across NETSCOUT's Omnis security portfolio to detect and block threat activity for businesses and service providers worldwide.
About NETSCOUT
NETSCOUT SYSTEMS, INC. helps secure digital business services against security, availability and service disruptions. Our market and technology leadership is based on the combination of our patented smart data technology with intelligent analytics. We provide the comprehensive, real-time insight that customers need to accelerate and secure their digital transformation. Our advanced Omnis® cybersecurity platform for threat detection and mitigation offers comprehensive network visibility, threat detection, contextual investigations and automated mitigation at the network edge.