Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of Australia

Australia

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

20

Attack Vectors Used

1. chargen Amplification
2. CLDAP Amplification
3. DHCP Discovery Amplification
4. DNS Amplification
5. ICMP
6. mDNS Amplification
7. memcached Amplification
8. MS SQL RS Amplification
9. NetBIOS Amplification
10. NTP Amplification
11. RIPv1 Amplification
12. rpcbind Amplification
13. SNMP Amplification
14. SSDP Amplification
15. TCP ACK
16. TCP RST
17. TCP SYN
18. TCP SYN/ACK Amplification
19. UDP
20. WS-DD Amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

17,953

Ts

TCP SYN

Number of Attacks

13,158

Im

ICMP

Number of Attacks

11,717

Dn

DNS Amp

Number of Attacks

10,767

Tr

TCP RST

Number of Attacks

8,083

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
three wires with plugs icon Wired Telecommunications Carriers
40,301 672 Gbps 172 Mpps 2491 Minutes
2
Data Processing Hosting and Related Services
312 24 Gbps 16 Mpps 684 Minutes
3
cell phone icon Wireless Telecommunications Carriers (except Satellite)
212 68 Gbps 11 Mpps 657 Minutes
4
grocery cart icon Electronic Shopping and Mail-Order Houses
114 28 Gbps 29 Mpps 633 Minutes
5
Electronic Computer Manufacturing
82 9 Gbps 1 Mpps 574 Minutes
6
Hobby Toy and Game Stores
73 0 Gbps 0 Mpps 3103 Minutes
7
Direct Health and Medical Insurance Carriers
62 0 Gbps 0 Mpps 948 Minutes
8
Internet Publishing and Broadcasting and Web Search Portals
37 0 Gbps 0 Mpps 2267 Minutes
9
Software Publishers
31 5 Gbps 1 Mpps 527 Minutes
10
Computer Storage Device Manufacturing
9 1 Gbps 0 Mpps 620 Minutes