Key metrics from the 1H 2021 Netscout Threat Intelligence Report
Flag of Japan

Japan

The massive shift to online life triggered by the COVID-19 pandemic prompted record-breaking levels of innovation by threat actors, and NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) expects this long tail of attacker innovation to last well into 2021.

Bad actors launched approximately 5.4 million DDoS attacks in 1H 2021—yet another record-breaking number. In particular, attackers launched unprecedented numbers of DDoS attacks in the first quarter, boosting attack frequency by 20 percent over the same time period in 2020. Meanwhile, adversaries discovered or weaponized seven UDP reflection/amplification DDoS attack vectors and developed adaptive multivector attacks specifically tailored to exploit vulnerabilities of their targets. Vital components of the connectivity supply chain came under increased attack, while ransomware gangs added triple-extortion DDoS tactics to their repertoire and the Fancy Lazarus threat actor launched a new DDoS extortion campaign.

Max Multivector Attack

Max number of vectors seen in a single attack

24

Attack Vectors Used

1. BitTorrent amplification
2. Chargen amplification
3. CLDAP amplification
4. DNS
5. DNS amplification
6. ICMP
7. L2TP amplification
8. MDNS amplification
9. Memcached amplification
10. MSSQLRS amplification
11. NetBIOS amplification
12. NTP amplification
13. RDP amplification
14. RIPv1 amplification
15. rpcbind amplification
16. Sentinel amplification
17. SNMP amplification
18. SSDP amplification
19. STUN amplification
20. TCP ACK
21. TCP NULL
22. TCP RST
23. TCP SYN
24. TCP SYN/ACK amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

62,187

Tk

TCP SYN/ACK

Number of Attacks

9,808

Tr

TCP RST

Number of Attacks

7,000

Ts

TCP SYN

Number of Attacks

6,616

Dn

DNS amp

Number of Attacks

5,363

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2021 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
cloud icon with up arrow Data Processing, Hosting + Related Services
4,234 119.19 Gbps 20.82 Mpps 69.3 Minutes
2
Wired Telecommunications Resellers icon Wired Telecommunications Carriers
2,521 119.19 Gbps 19.05 Mpps 126.4 Minutes
3
laptop icon Electronic Computer Manufacturing
2,479 105.26 Gbps 17.69 Mpps 86.0 Minutes
4
shopping cart icon Electronic Shopping + Mail-Order Houses
2,310 119.19 Gbps 17.14 Mpps 95.7 Minutes
5
cell phone icon Wireless Telecommunications Carriers
1,060 119.19 Gbps 10.43 Mpps 192.7 Minutes
6
Telecomm Tower icon All Other Telecommunications
760 69.20 Gbps 8.24 Mpps 115.9 Minutes
7
crane icon Industrial Supplies Merchant Wholesalers
735 40.03 Gbps 8.03 Mpps 147.7 Minutes
8
radio icon Internet Publishing, Broadcasting + Web Search Portals
615 105.26 Gbps 9.23 Mpps 140.4 Minutes
9
server configuration icon Computer Facilities Management Services
286 88.97 Gbps 7.82 Mpps 101.8 Minutes
10
Sales Tag with Telephone icon Telecommunications Resellers
204 110.18 Gbps 9.63 Mpps 159.3 Minutes
Download PDF Download PDF Japanese - 日本語