As the new NETSCOUT Threat Intelligence Report shows, attackers are continuing cyberattacks with greater precision and innovative attack methods. TCP-based, DNS water torture and carpet bombing attacks in particular dominate the DDoS threat landscape.
NETSCOUT announced the results of its Threat Intelligence Report for the first half of 2022. The results show how sophisticated and successful cybercriminals have become in circumventing defenses using new DDoS attack vectors and other methods.
DDoS attack statistics in ATLAS
NETSCOUT's Active Level Threat Analysis System (ATLAS™) collects DDoS attack statistics from most ISPs, major data centers, and government and corporate networks worldwide. This data sheds light on attacks taking place across 190+ countries, 550 industries, and 50.000 Autonomous System Numbers (ASNs). NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) analyzes and curates this data to provide unique insights in its semi-annual report.
Key Findings of DDoS Threat Intelligence Report 1H2022
- In the first half of 2022, there were 6.019.888 DDoS attacks worldwide.
- TCP-based flood attacks (SYN, ACK, RST) remain the most common attack vector, with approximately 46% of all attacks continuing a trend that began in early 2021.
- DNS water torture attacks accelerated in 2022 with a 46% increase, primarily using UDP query floods, while carpet bombing attacks made a major comeback towards the end of Q2; overall DNA amplification attacks decreased by 2021% from 1H2022 to 31HXNUMX.
- The new TP240 PhoneHome Reflection/Amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4.293.967.296:1; rapid action was taken to eliminate the misuse of this service.
- Malware botnet proliferation increased at an alarming rate, from 21.226 nodes in Q488.381 to XNUMX nodes in QXNUMX, fueling more direct application layer attacks.
Geopolitical unrest leads to increased DDoS attacks
As previously documented, the incursion of Russian ground forces into Ukraine at the end of February saw a significant increase in DDoS attacks targeting government entities, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms. This had a dramatic impact on DDoS attacks in other countries:
- Ireland saw a spike in attacks after providing services to Ukrainian organizations.
- India saw a measurable increase in DDoS attacks after abstaining in UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
- On the same day, Taiwan recorded the highest number of DDoS attacks after making public statements in support of Ukraine, as did Belize.
- Finland saw a 258% increase in DDoS attacks year-on-year, coinciding with the country's announcement that it would apply for NATO membership.
- Poland, Romania, Lithuania and Norway have all been targets of DDoS attacks related to Killnet - a group of online attackers allied with Russia.
- While the frequency and severity of DDoS attacks in North America remained relatively constant, satellite telecom providers saw a spike in high-impact DDoS attacks, particularly after supporting Ukraine's communications infrastructure.
- In Russia, the number of daily DDoS attacks has almost tripled since the beginning of the conflict with Ukraine and continued until the end of the reporting period.
As tensions between Taiwan, China and Hong Kong escalated in the first half of 2022, DDoS attacks against Taiwan regularly occurred in conjunction with related public events.
Curated real-time data at a glance
NETSCOUT not only publishes the DDoS Threat Intelligence Report, but also makes its carefully curated, real-time data on DDoS attacks available on its Omnis Threat Horizon Portal to give customers insight into the global threat landscape and understand the impact on their organizations. This data also feeds into NETSCOUT's ATLAS Intelligence Feed (AIF), which continuously updates NETSCOUT's Omnis and Arbor security portfolio. Together with AIF, the Omnis and Arbor products automatically detect and block threat activity for enterprises and service providers worldwide.
More at Netscout.com
About NETSCOUT NETSCOUT SYSTEMS, INC. helps secure digital business services against security, availability and service disruptions. Our market and technology leadership is based on the combination of our patented smart data technology with intelligent analytics. We provide the comprehensive, real-time insight that customers need to accelerate and secure their digital transformation. Our advanced Omnis® cybersecurity platform for threat detection and mitigation offers comprehensive network visibility, threat detection, contextual investigations and automated mitigation at the network edge.