• DDoS
  • IOT
  • APT

NETSCOUT Threat Intelligence Report—Powered by ATLAS

Findings from 2H 2019

NETSCOUT Threat Intelligence Report
by ASERT Team on

Executive Summary


That is the number of DDoS attacks NETSCOUT Threat Intelligence saw last year alone: more than 23,000 attacks per day, 16 every minute. Any way you slice it, that’s a huge number of attacks.

What does that mean to you? As our latest Threat Intelligence Report shows, enterprises and service providers need to defend themselves against attacks—and protect their customers. Numbers from our global WISR survey reveal that customer-facing services and applications were targets of DDoS attacks at two-thirds of enterprises. Even worse, customers can act as conduits for attacks: adversaries deployed a novel technique that used attacks on client services to access core services at well-protected targets. If you have a mobile phone—or run a mobile network—beware: APT groups are bumping up mobile malware use, while DDoS attacks on mobile networks jumped 64 percent in the second half of 2019. The reality is, attackers are smart and efficient and never give up. Here are just a few of the report’s highlights:

Key Takeaways

Lucky Seven for Attackers

Attackers weaponized seven new or increasingly common UDP reflection/amplification attack vectors in 2019. They also combined new variations of well-known attack vectors—all while remaining operationally efficient and launching pinpoint-focused DDoS attacks.

New Methods Pump Up Attacks, Bypass Traditional Defenses

Attackers not only combined attack vectors but also made them stronger than the sum of their parts by combining TCP reflection/amplification attacks with carpet-bombing techniques. Meanwhile, adversaries using advanced reconnaissance discovered how to use the client services of well-protected targets like Internet Service Providers or financial institutions to amplify attacks against specific enterprises
and network operators.

WISR Survey Highlights IoT, Cloud Risk

Survey data from the 15th Worldwide Infrastructure Security Report (WISR) shows that infected and compromised endpoint IoT devices are a top concern for enterprises, along with detection/ identification of IoT devices on their networks, software patching and maintenance of IoT devices, and compliance risks posed by IoT. The survey also showed a dramatic increase in DDoS attacks on publicly exposed service infrastructure, reported by 52 percent of service providers in 2019 compared with only 38 percent in the previous year.

ISPs and Satellite Telecom Pay the Price

Carpet-bombing tactics were reflected in the increased attack activity seen
in vertical sectors such as satellite telecommunications, which sustained
a 295 percent increase in attack frequency. This is likely a reflection of carpet-bombing attacks on financial institutions in countries across Europe and Asia Minor, in which satellite telecom companies experienced significant collateral damages


As threats grow across the landscape, NETSCOUT's unique position protecting enterprise networks and the internet through our service provider customers gives us wide visibility into this dynamic and ever-changing environment. NETSCOUT’s Arbor Active Threat Level Analysis System (ATLAS®) has actively monitored the global internet threat landscape since 2007. Today, it provides us with visibility into approximately one-third of the global internet.

By drawing on that comprehensive view with analysis driven by ASERT, we have created a representative view of the threat landscape as we observed in the second half of 2019 based on all our data and driven by extensive research and analysis.
To download the full report, click here
You can also register for a webinar on the report results. Register here.

Posted In
  • Attacks and DDoS Attacks
  • Advanced Persistent Threats