Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of Saudi Arabia

Saudi Arabia

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

21

Attack Vectors Used

1. ARMS Amplification
2. chargen Amplification
3. DNS
4. DNS Amplification
5. ICMP
6. MS SQL RS Amplification
7. NetBIOS Amplification
8. NTP Amplification
9. OpenVPN Amplification
10. rpcbind Amplification
11. SNMP Amplification
12. SSDP Amplification
13. STUN Amplification
14. TCP ACK
15. TCP RST
16. TCP SYN
17. TCP SYN/ACK Amplification
18. TFTP Amplification
19. UDP
20. Unreal-tournament Amplification
21. WS-DD Amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

112,466

Tk

TCP SYN/ACK Amp

Number of Attacks

37,927

Tr

TCP RST

Number of Attacks

25,085

Np

NTP Amp

Number of Attacks

19,548

Im

ICMP

Number of Attacks

17,166

Top Four Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Data Processing Hosting and Related Services
49,738 126 Gbps 25 Mpps 5427 Minutes
2
three wires with plugs icon Wired Telecommunications Carriers
20,372 208 Gbps 95 Mpps 1067 Minutes
3
cell tower icon All Other Telecommunications
5 1 Gbps 4 Mpps 518 Minutes
4
cell phone icon Wireless Telecommunications Carriers (except Satellite)
1 0 Gbps 0 Mpps 294 Minutes