Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of China

China

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

17

Attack Vectors Used

1. chargen Amplification
2. CLDAP Amplification
3. DNS
4. DNS Amplification
5. ICMP
6. mDNS Amplification
7. memcached Amplification
8. MS SQL RS Amplification
9. NetBIOS Amplification
10. NTP Amplification
11. RIPv1 Amplification
12. rpcbind Amplification
13. SNMP Amplification
14. SSDP Amplification
15. TCP ACK
16. TCP SYN
17. UDP

Top 5 Attack Vectors

Ts

TCP SYN

Number of Attacks

109,219

Dn

DNS Amp

Number of Attacks

10,620

Ta

TCP ACK

Number of Attacks

6,909

Mh

MBHTTP Amp

Number of Attacks

6,483

Flag of China

DDoS Statistics

Attack frequency -19.6%
Max throughput -2.9%
Average duration 3.5 Minutes
Max attack size -23.9%

Largest Attack

Size 551 Gbps
Speed 47 Mpps
Duration 374 Seconds

Max Peak Bandwidth

Date 4/25/22
Max Throughput 3302 Gbps

Max Peak Throughput

Date 4/15/22
Max Peak Bandwidth 13886 Mpps

Top Nine Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Data Processing Hosting and Related Services
46,513 480 Gbps 137 Mpps 1720 Minutes
2
three wires with plugs icon Wired Telecommunications Carriers
42,047 378 Gbps 73 Mpps 972 Minutes
3
cell phone icon Wireless Telecommunications Carriers (except Satellite)
1,993 337 Gbps 73 Mpps 2034 Minutes
4
grocery cart icon Electronic Shopping and Mail-Order Houses
1,197 189 Gbps 32 Mpps 1711 Minutes
5
Telecommunications Resellers Telecommunications Resellers
632 215 Gbps 18 Mpps 621 Minutes
6
Computer Training
86 61 Gbps 5 Mpps 6479 Minutes
7
Computer Systems Design Services
7 7 Gbps 0 Mpps 565 Minutes
8
All Other Plastics Product Manufacturing
2 0 Gbps 0 Mpps 635 Minutes
9
Electronics Stores
1 0 Gbps 0 Mpps 362 Minutes