Key metrics from the 2H 2021 Netscout Threat Intelligence Report
Australia

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, threat actors launched fewer DDoS attacks, lending credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

25

Attack Vectors Used

1. bittorrent amplification
2. chargen amplification
3. cldap amplification
4. dhcpdiscover amplification
5. dns
6. dns amplification
7. icmp
8. l2tp amplification
9. mdns amplification
10. memcached amplification
11. ms sql rs amplification
12. netbios amplification
13. ntp amplification
14. ripv1 amplification
15. rpcbind amplification
16. snmp amplification
17. ssdp amplification
18. stun amplification
19. tcp ack
20. tcp null
21. tcp rst
22. tcp syn
23. tcp syn/ack amplification
24. ubiquiti amplification
25. udp flood

Top 5 Attack Vectors

Ranked by number of attacks:

1. TCP ACK: 16,743
2. DNS Amplification: 15,564
3. TCP SYN: 7,441
4. NTP Amplification: 7,311
5. CLDAP Amplification: 7,221

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|------|----------|-----------|------------|------------|------------------|
| 1 | Wired Telecommunications Carriers | 1,862 | 81.33 Gbps | 15.77 Mpps | 51.3 Minutes |
| 2 | Electronic Computer Manufacturing | 1,093 | 82.44 Gbps | 15.77 Mpps | 60.1 Minutes |
| 3 | Wireless Telecommunications Carriers (except Satellite) | 1,019 | 108.14 Gbps | 28.69 Mpps | 46.5 Minutes |
| 4 | Data Processing, Hosting + Related Services | 969 | 45.12 Gbps | 5.74 Mpps | 257.9 Minutes |
| 5 | Electronic Shopping + Mail-Order Houses | 597 | 76.58 Gbps | 15.39 Mpps | 46 Minutes |
| 6 | All Other Telecommunications | 159 | 78.85 Gbps | 15.66 Mpps | 62.9 Minutes |
| 7 | Internet Publishing, Broadcasting + Web Search Portals | 117 | 7.11 Gbps | 0.67 Mpps | 35 Minutes |
| 8 | Hobby Toy and Game Stores | 65 | 55.61 Gbps | 9.77 Mpps | 21.9 Minutes |
| 9 | Software Publishers | 63 | 5.92 Gbps | 0.5 Mpps | 108.6 Minutes |
| 10 | Real Estate Credit | 55 | 0.89 Gbps | 0.1 Mpps | 54.7 Minutes |