Flag of Saudi Arabia

Saudi Arabia

Key Metrics from the 2H 2020 NETSCOUT Threat Intelligence Report

As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million DDoS attacks aimed at crippling the very online services essential to remote work and online life. Vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors, including those behind the Lazarus Bear Armada campaign of DDoS extortion attacks that hit thousands of companies worldwide. As the COVID-19 pandemic extends into 2021, we can logically expect to see threat actors targeting vulnerabilities exposed by the global crisis as well as discovering and using new attack vectors that poke at the weak spots of our new normal.

Impact Analysis

This was a record-breaking year for DDoS attacks—and that has to have an impact on global infrastructure, since DDoS attackers don’t pay for transit costs. Instead, that cost is generally passed down to everyone who uses the internet. So we continued to dig into the details of how much traffic on the global internet is due solely to DDoS attacks by calculating the DDoS Attack Coefficient (DAC). This measurement illustrates the continual presence of DDoS traffic across all regions. In essence, it shows the “DDoS tax” that we all end up paying.

Bandwidth Impact Percentage Change

July 63.8 Mpps, August 57.1 Mpps, September 67.3 Mpps, October 172.8 Mpps, November 114.6 Mpps, December 73.9 Mpps

Throughput Impact Percentage Change

July 151.3 Gbps, August 301.7 Gbps, September 199.1 Gbps, October 644.8 Gbps, November 411.7 Gbps, December 330.0 Gbps

DDoS Statistics

Attack frequency 68 %
Max throughput 8 %
Average duration 23 %
Max attack size 7 %

Largest Attack

Size 312 Gbps
Speed 82.8 Mpps
Duration 41 Min

Attack Types

ICMP, NTP amplification, TCP ACK, TCP SYN/ACK Amplification, TCP SYN, Quake Amplification

Vector Attacks

Max number of vectors seen in a single attack

20

Top 5 Vectors # of Attacks
TCP ACK 53,213
NTP Amplification 24,657
ICMP 11,642
OpenVPN Amplification 10,177

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2020 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Wired Telecommunications Resellers icon Wired Telecommunications Carriers
12,099 61.4 Gbps 12.8 Mpps 22.7 Minutes
2
cloud icon with up arrow Data Processing, Hosting + Related Services
214 12.9 Gbps 3.4 Mpps 29.2 Minutes
3
Telecomm Tower icon Other Telecommunications
70 3.2 Gbps 3.2 Mpps 95.9 Minutes
4
Plane Ticket icon Scheduled Passenger Air Transportation
17 2.5 Gbps 0.2 Mpps 14.1 Minutes
5
monitor and screwdriver icon Computer and Office Machine Repair + Maintenance
5 0.4 Gbps 0.1 Mpps 25.6 Minutes
6
computer storage icon Computer Storage Device Manufacturing
4 2.1 Gbps 1.6 Mpps 13.9 Minutes
7
hotel icon Hotels + Motels
2 0.2 Gbps 0.07 Mpps 255.6 Minutes
8
cell phone icon Wireless Telecommunications Carriers
2 0.02 Gbps 0.05 Mpps 5.4 Minutes
9
boarding tickets icon Credit Card Issuing
1 0.002 Gbps 0.0003 Mpps 12.7 Minutes
10
Document with PDF icon Software Publishers
1 0.007 Gbps 0.0009 Mpps 29.9 Minutes

IoT

Top Five Username + Password Combinations

root/xc3511 - 1435; guest/12345 - 1279; admin/admin - 1051; root/vizxv - 825; root/root - 664

Top Exploits

Exploit Name EDB-ID
/ctrlt/DeviceUpgrade_1 Huawei Router 45991
/picsdesc.xml Realtek SDK Miniigd UPnP SOAP 37169
/ws/v1/cluster/apps Hadoop YARN ResourceManager 45025
/setup.cgi Netgear Remote Code Execution 43055
Download PDF Download PDF