Key metrics from the 1H 2021 Netscout Threat Intelligence Report
Flag of Saudi Arabia

Saudi Arabia

The massive shift to online life triggered by the COVID-19 pandemic prompted record-breaking levels of innovation by threat actors, and NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) expects this long tail of attacker innovation to last well into 2021.

Bad actors launched approximately 5.4 million DDoS attacks in 1H 2021—yet another record-breaking number. In particular, attackers launched unprecedented numbers of DDoS attacks in the first quarter, boosting attack frequency by 20 percent over the same time period in 2020. Meanwhile, adversaries discovered or weaponized seven UDP reflection/amplification DDoS attack vectors and developed adaptive multivector attacks specifically tailored to exploit vulnerabilities of their targets. Vital components of the connectivity supply chain came under increased attack, while ransomware gangs added triple-extortion DDoS tactics to their repertoire and the Fancy Lazarus threat actor launched a new DDoS extortion campaign.

Max Multivector Attack

Max number of vectors seen in a single attack

26

Attack Vectors Used

1. Chargen amplification
2. Citrix-ICA amplification
3. CLDAP amplification
4. DNS
5. DNS amplification
6. ICMP
7. IPMI amplification
8. IPv4 Protocol 0
9. ISAKMP
10. L2TP amplification
11. mDNS amplification
12. Memcached amplification
13. MSSQLRS amplification
14. NetBIOS amplification
15. NTP amplification
16. OpenVPN amplification
17. RIPv1 amplification
18. rpcbind amplification
19. SNMP amplification
20. SSDP amplification
21. TCP ACK
22. TCP NULL
23. TCP RST
24. TCP SYN
25. TCP SYN/ACK amplification
26. Ubiquiti amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

73,400

Np

NTP amp

Number of Attacks

14,026

Dn

DNS amp

Number of Attacks

10,787

Im

ICMP

Number of Attacks

10,621

Ts

TCP SYN

Number of Attacks

9,993

Flag of Saudi Arabia

DDoS Statistics

Attack frequency +250%
Max throughput +1%
Average duration +92%
Max attack size +13%

Largest Attack

Size 352.74 Gbps
Speed 31.06 Mpps
Duration 353 Seconds

Max Peak Throughput

Date 04/01/2021
Max Throughput 96 Mpps

Max Peak Bandwidth

Date 04/01/2021
Max Peak Bandwidth 479 Gbps

Top Seven Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2021 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Wired Telecommunications Resellers icon Wired Telecommunications Carriers
4,236 93.11 Gbps 19.78 Mpps 86.3 Minutes
2
cloud icon with up arrow Data Processing, Hosting + Related Services
150 16.50 Gbps 4.03 Mpps 36.0 Minutes
3
Telecomm Tower icon Other Telecommunications
71 14.34 Gbps 3.80 Mpps 88.0 Minutes
4
computer storage icon Computer Storage Device Manufacturing
5 1.97 Gbps 0.23 Mpps 56.8 Minutes
5
woman healthcare professional with stethoscope around neck icon Offices of Physicians (except Mental Health Specialists)
2 0.03 Gbps 0.00 Mpps 14.5 Minutes
6
Plane Ticket icon Scheduled Passenger Air Transportation
1 0.04 Gbps 0.00 Mpps 42.0 Minutes
7
Document with PDF icon Software Publishers
1 0.11 Gbps 0.01 Mpps 12.0 Minutes
Download PDF Download PDF Arabic - عربى