Key metrics from the 1H 2021 Netscout Threat Intelligence Report

Italy

The massive shift to online life triggered by the COVID-19 pandemic prompted record-breaking levels of innovation by threat actors, and NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) expects this long tail of attacker innovation to last well into 2021.

Bad actors launched approximately 5.4 million DDoS attacks in 1H 2021—yet another record-breaking number. In particular, attackers launched unprecedented numbers of DDoS attacks in the first quarter, boosting attack frequency by 20 percent over the same time period in 2020. Meanwhile, adversaries discovered or weaponized seven UDP reflection/amplification DDoS attack vectors and developed adaptive multivector attacks specifically tailored to exploit vulnerabilities of their targets. Vital components of the connectivity supply chain came under increased attack, while ransomware gangs added triple-extortion DDoS tactics to their repertoire and the Fancy Lazarus threat actor launched a new DDoS extortion campaign.

Max Multivector Attack

Max number of vectors seen in a single attack

23

Attack Vectors Used

1. Chargen amplification
2. CLDAP amplification
3. DNS Query Flood
4. DNS amplification
5. ICMP Flood
6. L2TP amplification
7. mDNS amplification
8. Memcached amplification
9. MSSQLRS amplification
10. NetBIOS amplification
11. NTP amplification
12. OpenVPN amplification
13. RIPv1 amplification
14. rpcbind/portmap amplification
15. SNMP amplification
16. SSDP amplification
17. STUN amplification
18. TCP ACK Flood
19. TCP NULL Flood
20. TCP RST Flood
21. TCP SYN Flood
22. TCP SYN/ACK amplification
23. Unreal-Tournament amplification

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
|---|---|
| CLDAP amp | 40,379 |
| TCP ACK | 29,051 |
| DNS amplification | 25,236 |
| TCP SYN | 21,110 |
| TCP RST | 118,198 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Wired Telecommunications Carriers | 4,636 | 112.28 Gbps | 22.58 Mpps | 55.7 Minutes |
| 2 | Data Processing, Hosting + Related Services | 2,227 | 61.63 Gbps | 14.27 Mpps | 53.2 Minutes |
| 3 | All Other Telecommunications | 1,726 | 64.98 Gbps | 13.81 Mpps | 64 Minutes |
| 4 | Wireless Telecommunications Carriers (except Satellite) | 1,286 | 52.2 Gbps | 8.91 Mpps | 46.9 Minutes |
| 5 | Electronic Shopping + Mail-Order Houses | 600 | 68.01 Gbps | 13.87 Mpps | 74.6 Minutes |
| 6 | Drilling Oil and Gas Wells | 245 | 18.2 Gbps | 3.25 Mpps | 17.1 Minutes |
| 7 | Electric Power Distribution | 162 | 1.96 Gbps | 0.4 Mpps | 34.6 Minutes |
| 8 | Administration of Education Programs | 161 | 19.33 Gbps | 4.27 Mpps | 25.5 Minutes |
| 9 | All Other Professional Scientific and Technical Services | 151 | 6.54 Gbps | 1.01 Mpps | 27.3 Minutes |
| 10 | All Other Support Services | 122 | 30.86 Gbps | 4.52 Mpps | 88.9 Minutes |