Latest NETSCOUT Threat Intelligence Report Highlights Unprecedented DDoS Attack Activity

Record-setting 10 million-plus DDoS attacks and 22% increase in attack frequency; WISR survey findings reinforce impact of global DDoS extortion attack campaign

Threat Intelligence Report
Carol Hildebrand

According to the latest release of NETSCOUT’s bi-annual Threat Intelligence Report, a record-setting 10,089,687 Distributed Denial of Service (DDoS) attacks were observed during 2020. Research from both NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT) and the 16th annual Worldwide Infrastructure Security Report (WISR) survey shows that the COVID-19 pandemic was the clear catalyst for this year’s unprecedented DDoS attack activity. Vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life. According to data from the WISR, 83% of enterprises that suffered a DDoS attack reported that firewalls and/or VPN devices contributed to an outage due to the traffic, a year-over-year increase of more than 20 percent.

"Cybercriminals set multiple records in 2020, taking advantage of the shift towards remote work across the globe," stated Richard Hummel, threat intelligence lead, NETSCOUT. "The second half of last year witnessed a huge upsurge in DDoS attacks, brute-forcing of access credentials, and malware targeting internet-connected devices. As the COVID-19 pandemic continues, it will be imperative for security professionals to remain vigilant to protect critical infrastructure."

Other key findings from the NETSCOUT 2H2020 Threat Intelligence Report include:

  • Monthly DDoS attack numbers surpassed 800,000. Threat actors increased their DDoS onslaught due to the pandemic lockdown; monthly DDoS attacks exceeded 800,000 in March and never looked back, representing a new normal for DDoS attack activity. On average, there were 839,083 attacks per month in 2020, an increase of nearly 130 thousand attacks over 2019. 
  • Mirai malware continued to thrive during the pandemic. Adversaries using Mirai malware and its variants took advantage of shifts away from enterprise-grade protection to generate a surge in brute-force attempts on Internet of Things (IoT) consumer-grade devices. Threat actors absorbed more devices into their botnets to further strengthen the frequency, size, and throughput of DDoS attacks worldwide.
  • Commonly used UDP-based DDoS attack vectors fueled attack increases. New reflection/amplification DDoS vectors permitted the abuse of misconfigured Microsoft RDP over UDP, Plex Media SSDP, and DTLS services, resulting in an increasingly complex threat landscape.

NETSCOUT's Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data secured from NETSCOUT's Active Level Threat Analysis System (ATLAS™) coupled with NETSCOUT's ATLAS Security Engineering & Response Team (ASERT) insights.
