Key metrics from the 2H 2021 Netscout Threat Intelligence Report
France

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, and fewer DDoS attacks as a result, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

23

Attack Vectors Used

1. chargen amplification
2. dns
3. dns amplification
4. icmp
5. isakmp
6. l2tp amplification
7. mdns amplification
8. memcached amplification
9. ms sql rs amplification
10. netbios amplification
11. ntp amplification
12. openvpn amplification
13. ripv1 amplification
14. rpcbind amplification
15. snmp amplification
16. ssdp amplification
17. stun amplification
18. tcp ack
19. tcp null
20. tcp rst
21. tcp syn
22. tcp syn/ack amplification
23. udp flood

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
|---|---|
| TCP ACK | 16,080 |
| DNS Amplification | 13,913 |
| TCP SYN | 13,867 |
| TCP SYN/ACK Amplification | 13,058 |
| TCP RST | 12,381 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Data Processing, Hosting + Related Services | 17,401 | 100.46 Gbps | 27.16 Mpps | 81.6 Minutes |
| 2 | Wired Telecommunications Carriers | 7,651 | 99.64 Gbps | 16.56 Mpps | 128.1 Minutes |
| 3 | Electronic Computer Manufacturing | 6,592 | 100.46 Gbps | 18.85 Mpps | 113.6 Minutes |
| 4 | Wireless Telecommunications Carriers (except Satellite) | 6,501 | 160.34 Gbps | 21.51 Mpps | 125.5 Minutes |
| 5 | Other Telecommunications | 4,476 | 64.06 Gbps | 12.97 Mpps | 130.8 Minutes |
| 6 | Electronic Shopping + Mail-Order Houses | 3,784 | 114.09 Gbps | 29.01 Mpps | 127.2 Minutes |
| 7 | New Car Dealers | 2,478 | 76.85 Gbps | 15.13 Mpps | 146.8 Minutes |
| 8 | Custom Computer Programming Services | 588 | 84.04 Gbps | 16.46 Mpps | 194.4 Minutes |
| 9 | All Other Support Services | 507 | 61.38 Gbps | 11.89 Mpps | 78.6 Minutes |
| 10 | Marketing Consulting Services | 479 | 2.56 Gbps | 0.22 Mpps | 28.5 Minutes |