DDoS Threat Intelligence Report: Issue 11

Growth of more than 220Tbps in global internet traffic—the equivalent or more than 14 million 4K video streams of the Formula 1 Grand Prix—by the end of 2022 brought with it a steep increase in distributed denial-of-service (DDoS) attacks straight into 2023. This growth rate underscores the importance of constant innovation and investment into internetwide visibility, an investment to which NETSCOUT remains committed. 

A startling discovery revealed that more than 90 percent of the abused infrastructure remains persistent week after week, spelling good news for defenders and making tracking and mitigation more effective.  

Recent trends in adversary tactics rely more and more on bespoke infrastructure such as DDoS botnets, open proxy networks, and even The Onion Router (Tor) nodes to scan, probe, and launch DDoS attacks. This distinct infrastructure isn’t used globally, but rather case by case depending on the targets. 

Our visibility platform allows NETSCOUT’s ASERT experts to track adversary vector discovery, going so far as to identify the very first probes months before a new DDoS vector is weaponized. The lead time allows us to get ahead of the adversary and protect customers more effectively. 

DNS water-torture attacks continue to thrive, while carpet-bombing attacks continued the onslaught observed in the last quarter of 2022. These two methods combine to create havoc on service provider and enterprise networks around the world. 

Geopolitical tension echoes into the digital world, with attacks against Sweden ramping up prior to Turkey’s agreement to ratify that country’s bid to join NATO. DDoS attacks against Sweden doubled throughout the month of May. Meanwhile, the strong push of 5G technology is creating ripple effects in the DDoS threat landscape.