Key metrics from the 2H 2021 Netscout Threat Intelligence Report

India

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time available for malicious activity, and correspondingly fewer DDoS attacks, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack: 20

Attack Vectors Used

1. BitTorrent amplification
2. CLDAP amplification
3. DNS
4. DNS amplification
5. ICMP
6. mDNS amplification
7. memcached amplification
8. MS SQL RS amplification
9. NetBIOS amplification
10. NTP amplification
11. OpenVPN amplification
12. rpcbind amplification
13. SIP amplification
14. SNMP amplification
15. SSDP amplification
16. TCP ACK
17. TCP RST
18. TCP SYN
19. TCP SYN/ACK amplification
20. UDP flood

Top 5 Attack Vectors

Rank  Vector                       Number of Attacks
1     TCP SYN                      44,260
2     TCP RST                      31,332
3     TCP ACK                      30,562
4     TCP SYN/ACK Amplification    21,417
5     DNS Amplification            20,996

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

Rank  Vertical                                                   Frequency  Max Attack   Max Impact  Average Duration
1     Wireless Telecommunications Carriers                       18,302     68.99 Gbps   13.45 Mpps  314.5 Minutes
2     Data Processing, Hosting + Related Services                9,546      65.8 Gbps    26.42 Mpps  38.8 Minutes
3     Wired Telecommunications Carriers                          3,339      108.14 Gbps  28.69 Mpps  118 Minutes
4     Electronic Shopping + Mail-Order Houses                    2,503      82.35 Gbps   15.45 Mpps  81.5 Minutes
5     Other Telecommunications                                   887        33.72 Gbps   5.66 Mpps   73.8 Minutes
6     Electronic Computer Manufacturing                          852        68.99 Gbps   13.45 Mpps  37.7 Minutes
7     Internet Publishing, Broadcasting + Web Search Portals     262        24.71 Gbps   2.21 Mpps   71.5 Minutes
8     Other Personal and Household Goods Repair and Maintenance  252        10.87 Gbps   1.86 Mpps   1.86 Minutes
9     Investment Banking and Securities Dealing                  231        10.9 Gbps    1.54 Mpps   363.8 Minutes
10    All Other Miscellaneous Ambulatory Health Care Services    195        0.66 Gbps    0.23 Mpps   329.1 Minutes