Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of Japan

Japan

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

21

Attack Vectors Used

1. chargen Amplification
2. CLDAP Amplification
3. DNS Amplification
4. HTTP(s) Incoming
5. L2TP Amplification
6. mDNS Amplification
7. memcached Amplification
8. MS SQL RS Amplification
9. NetBIOS Amplification
10. NTP Amplification
11. Quake Amplification
12. RIPv1 Amplification
13. rpcbind Amplification
14. Slowloris/Pyloris
15. SNMP Amplification
16. SSDP Amplification
17. TCP ACK
18. TCP PSH
19. UDP
20. UDP-80 Incoming
21. Unreal-tournament Amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

31,366

Tk

TCP SYN/ACK Amp

Number of Attacks

14,432

Tr

TCP RST

Number of Attacks

12,588

Ts

TCP SYN

Number of Attacks

10,821

Dn

DNS Amp

Number of Attacks

7,222

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
grocery cart icon Electronic Shopping and Mail-Order Houses
7,201 85 Gbps 77 Mpps 1241 Minutes
2
Data Processing Hosting and Related Services
5,496 107 Gbps 59 Mpps 3586 Minutes
3
three wires with plugs icon Wired Telecommunications Carriers
4,923 66 Gbps 5 Mpps 3514 Minutes
4
Electronic Computer Manufacturing
407 143 Gbps 74 Mpps 1422 Minutes
5
Full-Service Restaurants
195 4 Gbps 0 Mpps 15192 Minutes
6
cell tower icon All Other Telecommunications
169 9 Gbps 4 Mpps 2336 Minutes
7
Marketing Consulting Services
159 0 Gbps 0 Mpps 936 Minutes
8
cell phone icon Wireless Telecommunications Carriers (except Satellite)
32 7 Gbps 1 Mpps 598 Minutes
9
Computer Storage Device Manufacturing
23 4 Gbps 7 Mpps 1712 Minutes
10
Industrial Supplies Merchant Wholesalers
18 2 Gbps 1 Mpps 10507 Minutes