Key metrics from the 2H 2021 Netscout Threat Intelligence Report
Russia

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, and fewer DDoS attacks as a result, threat actors certainly lend credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

25

Attack Vectors Used

1. bittorrent amplification
2. chargen amplification
3. cldap amplification
4. dns
5. dns amplification
6. icmp
7. l2tp amplification
8. mdns amplification
9. memcached amplification
10. ms sql rs amplification
11. netbios amplification
12. ntp amplification
13. openvpn amplification
14. ripv1 amplification
15. rpcbind amplification
16. snmp amplification
17. ssdp amplification
18. stun amplification
19. tcp ack
20. tcp null
21. tcp rst
22. tcp syn
23. tcp syn/ack amplification
24. udp flood
25. unreal-tournament amplification

Top 5 Attack Vectors

Vector: Number of Attacks

1. TCP SYN: 19,838
2. TCP ACK: 16,951
3. DNS Amplification: 12,022
4. TCP RST: 10,899
5. NTP Amplification: 9,984

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration
1 | Data Processing, Hosting + Related Services | 3,448 | 130.39 Gbps | 32.19 Mpps | 48.2 Minutes
2 | Wired Telecommunications Carriers | 1,831 | 84.1 Gbps | 16.56 Mpps | 37.9 Minutes
3 | Wireless Telecommunications Carriers (except Satellite) | 1,105 | 41.14 Gbps | 27.76 Mpps | 56.4 Minutes
4 | Computer and Office Machine Repair and Maintenance | 860 | 30.74 Gbps | 5.09 Mpps | 32.7 Minutes
5 | All Other Telecommunications | 465 | 39.5 Gbps | 5.53 Mpps | 23.8 Minutes
6 | Offices of Real Estate Agents and Brokers | 394 | 1.32 Gbps | 0.17 Mpps | 42.9 Minutes
7 | All Other Professional, Scientific, and Technical Services | 310 | 32.91 Gbps | 3.75 Mpps | 48.8 Minutes
8 | Electronic Computer Manufacturing | 200 | 13.86 Gbps | 2.98 Mpps | 41.1 Minutes
9 | Cable and Other Subscription Programming | 82 | 0.94 Gbps | 0.12 Mpps | 39.2 Minutes
10 | Television Broadcasting | 47 | 2.4 Gbps | 0.64 Mpps | 24.1 Minutes