Key metrics from the 2H 2021 Netscout Threat Intelligence Report

Germany

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, and fewer DDoS attacks as a result, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack: 26

Attack Vectors Used

1. arms amplification
2. citrix-ica amplification
3. cldap amplification
4. coap amplification
5. dhcpdiscover amplification
6. dns amplification
7. icmp
8. ipmi amplification
9. isakmp
10. mdns amplification
11. memcached amplification
12. ms sql rs amplification
13. netbios amplification
14. ntp amplification
15. openvpn amplification
16. ripv1 amplification
17. rpcbind amplification
18. snmp amplification
19. ssdp amplification
20. tcp ack
21. tcp null
22. tcp rst
23. tcp syn
24. tcp syn/ack amplification
25. udp flood
26. ws-dd amplification

Top 5 Attack Vectors

1. TCP ACK: 46,668 attacks
2. TCP SYN: 26,910 attacks
3. TCP RST: 19,903 attacks
4. NTP Amplification: 19,156 attacks
5. DNS Amplification: 17,565 attacks

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration
1 | Data Processing, Hosting + Related Services | 20,638 | 278.77 Gbps | 43.32 Mpps | 57.4 Minutes
2 | Electronic Shopping + Mail-Order Houses | 16,918 | 114.09 Gbps | 29.01 Mpps | 34.4 Minutes
3 | Wired Telecommunications Carriers | 4,864 | 130.39 Gbps | 32.19 Mpps | 67.5 Minutes
4 | Electronic Computer Manufacturing | 2,626 | 114.09 Gbps | 29.01 Mpps | 133.4 Minutes
5 | Other Telecommunications | 2,056 | 114.09 Gbps | 29.01 Mpps | 90.7 Minutes
6 | Wireless Telecommunications Carriers | 1,966 | 114.09 Gbps | 29.01 Mpps | 65.8 Minutes
7 | Internet Publishing, Broadcasting + Web Search Portals | 858 | 134.01 Gbps | 35.49 Mpps | 71.4 Minutes
8 | Computer Storage Device Manufacturing | 820 | 114.09 Gbps | 29.01 Mpps | 115.6 Minutes
9 | Offices of Dentists | 352 | 15.21 Gbps | 18.9 Mpps | 36.9 Minutes
10 | Telecommunications Resellers | 337 | 24.37 Gbps | 4.98 Mpps | 62.6 Minutes