Key metrics from the 2H 2021 Netscout Threat Intelligence Report
Japan

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, and fewer DDoS attacks as a result, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

24

Attack Vectors Used

1. chargen amplification
2. cldap amplification
3. dns
4. dns amplification
5. icmp
6. l2tp amplification
7. mdns amplification
8. memcached amplification
9. ms sql rs amplification
10. netbios amplification
11. ntp amplification
12. openvpn amplification
13. rdp amplification
14. ripv1 amplification
15. rpcbind amplification
16. snmp amplification
17. ssdp amplification
18. tcp ack
19. tcp null
20. tcp rst
21. tcp syn
22. tcp syn/ack amplification
23. udp flood
24. ws-dd amplification

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
| --- | --- |
| TCP ACK | 79,040 |
| TCP SYN/ACK Amplification | 16,304 |
| TCP RST | 12,247 |
| TCP SYN | 11,710 |
| DNS Amplification | 10,988 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
| --- | --- | --- | --- | --- | --- |
| 1 | Data Processing, Hosting + Related Services | 3,303 | 196.48 Gbps | 17.21 Mpps | 140.5 Minutes |
| 2 | Electronic Shopping + Mail-Order Houses | 2,665 | 196.48 Gbps | 21.35 Mpps | 64.2 Minutes |
| 3 | Electronic Computer Manufacturing | 2,545 | 196.48 Gbps | 20.7 Mpps | 63.4 Minutes |
| 4 | Wired Telecommunications Carriers | 1,969 | 196.48 Gbps | 32.19 Mpps | 88.7 Minutes |
| 5 | Wireless Telecommunications Carriers | 994 | 196.48 Gbps | 17.21 Mpps | 121.8 Minutes |
| 6 | All Other Telecommunications | 895 | Unk Gbps | Unk Mpps | Unk Minutes |
| 7 | Internet Publishing, Broadcasting + Web Search Portals | 599 | 193.88 Gbps | 17.2 Mpps | 82.8 Minutes |
| 8 | Computer Facilities Management Services | 387 | 184.21 Gbps | 16.38 Mpps | 67.2 Minutes |
| 9 | Telecommunications Resellers | 187 | 193.88 Gbps | 28.69 Mpps | 66.6 Minutes |
| 10 | Business to Business Electronic Markets | 108 | 97.32 Gbps | 8.56 Mpps | 105.7 Minutes |