Key metrics from the 2H 2021 Netscout Threat Intelligence Report
China

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, resulting in fewer DDoS attacks, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

23

Attack Vectors Used

1. bittorrent amplification
2. chargen amplification
3. cldap amplification
4. dns
5. dns amplification
6. icmp
7. l2tp amplification
8. mdns amplification
9. memcached amplification
10. ms sql rs amplification
11. netbios amplification
12. ntp amplification
13. openvpn amplification
14. ripv1 amplification
15. rpcbind amplification
16. snmp amplification
17. ssdp amplification
18. tcp ack
19. tcp rst
20. tcp syn
21. tcp syn/ack amplification
22. ubiquiti amplification
23. udp flood

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
|---|---|
| TCP SYN | 82,638 |
| DNS Amplification | 34,383 |
| NTP Amplification | 18,331 |
| TCP RST | 10,118 |
| TCP ACK | 9,451 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Wired Telecommunications Carriers | 52,396 | 282.67 Gbps | 32.19 Mpps | 18.6 Minutes |
| 2 | Data Processing, Hosting + Related Services | 31,184 | 216.47 Gbps | 141.17 Mpps | 24.5 Minutes |
| 3 | Wireless Telecommunications Carriers (except Satellite) | 4,886 | 164.79 Gbps | 32.19 Mpps | 37.6 Minutes |
| 4 | Electronic Shopping + Mail-Order Houses | 2,223 | 82.47 Gbps | 37.84 Mpps | 35.6 Minutes |
| 5 | Telecommunications Resellers | 635 | 9.18 Gbps | 1.57 Mpps | 19.5 Minutes |
| 6 | Computer Training | 463 | 31.56 Gbps | 6.03 Mpps | 83.8 Minutes |
| 7 | Marketing Consulting Services | 72 | 0.8 Gbps | 0.07 Mpps | 36 Minutes |
| 8 | Folding Paperboard Box Manufacturing | 52 | 25.36 Gbps | 2.36 Mpps | 30.6 Minutes |
| 9 | Colleges, Universities, and Professional Schools | 38 | 17.48 Gbps | 3.83 Mpps | 173.3 Minutes |
| 10 | Computer Systems Design Services | 25 | 13.68 Gbps | 2.38 Mpps | 2.38 Minutes |