NETSCOUT Threat Intelligence Report
With Key Findings from the 15th Annual Worldwide Infrastructure Security Report (WISR)

Findings from 2H 2019

We want you to remember one number: 8.4 million

That is the number of DDoS attacks NETSCOUT Threat Intelligence saw last year alone: 23,000 attacks per day, 16 every minute. Any way you slice it, that’s a huge number of attacks. The reality is, attackers are smart and efficient and never give up, using laser-focused attacks with minimal resources.

Key Findings

Enterprises and service providers need to defend themselves against attacks and protect their customers, as attackers increasingly target customer-facing services and applications and publicly exposed service infrastructure. Even worse, adversaries sometimes use customers as conduits for attacks. Mobile phones and networks are under the gun as APT groups bump up mobile malware use, while DDoS attacks on mobile networks jumped 64 percent. Attackers not only widely weaponized seven DDoS attack vectors, but also added new variations to existing attack vectors—and vertical sectors like satellite communications paid the price. Even worse, efficiency is their middle name: most attacks use less than 3 percent of available resources in that vector. And let’s not forget the legion of IoT botmasters, salivating to belly up to the never-ending smorgasbord of vulnerable IoT devices.

WISR Survey Highlights IoT, Cloud Risk

A diagram showing interconnected IoT devices and a cloud.

Infected and compromised endpoint IoT devices are a top concern for enterprises, while respondents reported a dramatic increase in DDoS attacks on publicly exposed service infrastructure.

Attackers Bypass Stout Defenses

Meanwhile, adversaries using advanced reconnaissance discovered how to use the client services of well-protected targets like ISPs or financial institutions to amplify attacks against specific enterprises and network operators.

A lock depicing attack vectors.

Mobility Under Attack

Mobile Phone graphic.


from 2H 2018
to 2H 2019

Mobile phones and wireless networks are under the gun as DDoS attacks on mobile networks jumped 64 percent year over year and APT groups bring mobile malware into heavy rotation.

Lucky Seven for Attackers

The seven new attack vectors: ARMS. COAP_v1. COAP_v2. IPMI/RMCP. OpenVPN. WS_DD. Ubiquiti.

Attackers weaponized seven new, or increasingly used, reflection/amplification attack vectors in 2019 while combining new variations of existing attacks—all while effectively husbanding resources and more accurately targeting attacks.

New Techniques Pump Up Attacks

Attackers not only combined attack vectors, but also made them stronger than the sum of their parts by combining TCP reflection/amplification and carpet-bombing techniques.

An angry vacuum cleaner.

ISPs and Satellite Telecom Pay the Price

A picture of a satellite dish.


in attack frequency

Vertical sectors such as satellite telecommunications saw a 295 percent increase in attack frequency—and it was likely collateral damage from carpet-bombing DDoS attacks on financial institutions in several countries.

IoT = Intensification of Threats


Botmasters eagerly await the 20.4 billion IoT devices forecast to connect to the internet in 2020 with an ever-growing selection of malware strains to choose from.

The Takeaway

The overall threat landscape only knows one direction: up.

Nation-state groups proliferate globally while cybercriminals seem one step ahead of the game, targeting not only enterprises and service providers, but also their customers. Key digital transformation technology like cloud services and mobile networks and devices have become prime targets, while botmasters eagerly take advantage of the ongoing deluge of vulnerable IoT devices. These adversaries are smart and motivated, and we can count on them discovering and weaponizing new attack vectors or adding new variations to existing ones.

But that does not mean that your specific organization cannot dramatically improve its security and risk posture in the coming year. There are so many things that can be done, from the very basics, like patching, to taking the time to understand your own network architecture and traffic flows during peace time. We hope that the information in this report helps.

The ASERT team monitors the threat landscape and reports on new actors, malware under development, and the increasingly sophisticated tools and techniques deployed. For an in-depth summary, download the latest NETSCOUT Threat Intelligence Report for the second half of 2019.

Download the Report