Flag of Japan


Key Metrics from the 2H 2020 NETSCOUT Threat Intelligence Report

As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million DDoS attacks aimed at crippling the very online services essential to remote work and online life. Vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors, including those behind the Lazarus Bear Armada campaign of DDoS extortion attacks that hit thousands of companies worldwide. As the COVID-19 pandemic extends into 2021, we can logically expect to see threat actors targeting vulnerabilities exposed by the global crisis as well as discovering and using new attack vectors that poke at the weak spots of our new normal.

Impact Analysis

This was a record-breaking year for DDoS attacks—and that has to have an impact on global infrastructure, since DDoS attackers don’t pay for transit costs. Instead, that cost is generally passed down to everyone who uses the internet. So we continued to dig into the details of how much traffic on the global internet is due solely to DDoS attacks by calculating the DDoS Attack Coefficient (DAC). This measurement illustrates the continual presence of DDoS traffic across all regions. In essence, it shows the “DDoS tax” that we all end up paying.

Bandwidth Impact Percentage Change

July 19.2 Mpps, August 89.0 Mpps, September 24.3 Mpps, October 50.5 Mpps, November 90.7 Mpps, December 89.6 Mpps

Throughput Impact Percentage Change

July 123.7 Gbps, August 221.5 Gbps, September 178.6 Gbps, October 149.4 Gbps, November 404.1 Gbps, December 159.3 Gbps

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2020 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
Wired Telecommunications Resellers icon Wired Telecommunications Carriers
4,153 116.1 Gbps 10.2 Mpps 88.9 Minutes
shopping cart icon Electronic Shopping + Mail-Order Houses
4,013 116.1 Gbps 29.8 Mpps 85.8 Minutes
cloud icon with up arrow Data Processing, Hosting + Related Services
3,053 107.6 Gbps 22.6 Mpps 63.3 Minutes
laptop icon Electronic Computer Manufacturing
2,545 106.3 Gbps 9.3 Mpps 63.2 Minutes
cell phone icon Wireless Telecommunications Carriers
2,289 116.1 Gbps 10.2 Mpps 125.9 Minutes
Telecomm Tower icon Other Telecommunications
1,127 116.1 Gbps 10.2 Mpps 97.3 Minutes
radio icon Internet Publishing, Broadcasting + Web Search Portals
936 96.1 Gbps 8.4 Mpps 77.8 Minutes
server configuration icon Computer Facilities Management Services
298 49.3 Gbps 5.2 Mpps 71.7 Minutes
chart and magnifying glass icon Marketing Research + Public Opinion Polling
282 2.0 Gbps 0.3 Mpps 47.3 Minutes
Sales Tag with Telephone icon Telecommunications Resellers
201 96.4 Gbps 8.4 Mpps 107.3 Minutes


Top Five Username + Password Combinations

admin/admin - 424; root/vizxv - 385; guest/12345 - 376; root/root - 363; root/xc3511 - 315

Top Exploits

Exploit Name EDB-ID
/picsdesc.xml Realtex SDK — Miniigd UPnP SOAP 37169
/ctrlt/DeviceUpgrade_1 Huawei Router 45991
/setup.cgi Netgear Remote Code Execution 43055
/ws/v1/cluster/apps Hadoop YARN ResourceManager 45025
/GponForm/diag_Form Dasan GPON home routers -----
Download PDF Download PDF