Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of Germany

Germany

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

26

Attack Vectors Used

1. ARMS Amplification
2. chargen Amplification
3. CLDAP Amplification
4. DHCP Discovery Amplification
5. DNS Amplification
6. GRE
7. ICMP
8. L2TP Amplification
9. memcached Amplification
10. MS SQL RS Amplification
11. NetBIOS Amplification
12. NTP Amplification
13. OpenVPN Amplification
14. Quake Amplification
15. RIPv1 Amplification
16. rpcbind Amplification
17. SNMP Amplification
18. SSDP Amplification
19. TCP ACK
20. TCP RST
21. TCP SYN
22. TCP SYN/ACK Amplification
23. Ubiquiti Amplification
24. UDP
25. VSE Amplification
26. WS-DD Amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

19,245

Ts

TCP SYN

Number of Attacks

17,653

Np

NTP Amp

Number of Attacks

13,106

Tr

TCP RST

Number of Attacks

12,767

Im

ICMP

Number of Attacks

12,113

Top Nine Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Data Processing Hosting and Related Services
16,080 606 Gbps 124 Mpps 2664 Minutes
2
three wires with plugs icon Wired Telecommunications Carriers
7,791 122 Gbps 48 Mpps 1677 Minutes
3
grocery cart icon Electronic Shopping and Mail-Order Houses
4,525 29 Gbps 7 Mpps 1190 Minutes
4
cell phone icon Wireless Telecommunications Carriers (except Satellite)
2,717 84 Gbps 67 Mpps 4430 Minutes
5
Offices of Dentists
152 7 Gbps 1 Mpps 1087 Minutes
6
cell tower icon All Other Telecommunications
138 3 Gbps 3 Mpps 1739 Minutes
7
Aircraft Engine and Engine Parts Manufacturing
81 1 Gbps 0 Mpps 3808 Minutes
8
Other Residential Care Facilities
77 36 Gbps 8 Mpps 484 Minutes
9
All Other Miscellaneous Manufacturing
66 4 Gbps 0 Mpps 328 Minutes