Key metrics from the 1H 2021 Netscout Threat Intelligence Report

United Kingdom

The massive shift to online life triggered by the COVID-19 pandemic prompted record-breaking levels of innovation by threat actors, and NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) expects this long tail of attacker innovation to last well into 2021.

Bad actors launched approximately 5.4 million DDoS attacks in 1H 2021—yet another record-breaking number. In particular, attackers launched unprecedented numbers of DDoS attacks in the first quarter, boosting attack frequency by 20 percent over the same time period in 2020. Meanwhile, adversaries discovered or weaponized seven UDP reflection/amplification DDoS attack vectors and developed adaptive multivector attacks specifically tailored to exploit vulnerabilities of their targets. Vital components of the connectivity supply chain came under increased attack, while ransomware gangs added triple-extortion DDoS tactics to their repertoire and the Fancy Lazarus threat actor launched a new DDoS extortion campaign.

Max Multivector Attack

Max number of vectors seen in a single attack

23

Attack Vectors Used

1. BitTorrent amplification
2. Chargen amplification
3. CLDAP amplification
4. DNS
5. DNS amplification
6. ICMP
7. L2TP amplification
8. MDNS amplification
9. Memcached amplification
10. MSSQLRS amplification
11. NetBIOS amplification
12. NTP amplification
13. OpenVPN amplification
14. RIPv1 amplification
15. rpcbind amplification
16. SNMP amplification
17. SSDP amplification
18. STUN amplification
19. TCP ACK
20. TCP NULL
21. TCP RST
22. TCP SYN
23. TCP SYN/ACK amplification

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
| --- | --- |
| DNS amp | 138,113 |
| ICMP | 64,872 |
| TCP RST | 63,675 |
| TCP SYN | 60,166 |
| TCP ACK | 54,664 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
| --- | --- | --- | --- | --- | --- |
| 1 | Data Processing, Hosting + Related Services | 12,300 | 114.42 Gbps | 25.67 Mpps | 53.9 Minutes |
| 2 | Wired Telecommunications Carriers | 11,046 | 114.42 Gbps | 25.67 Mpps | 47.6 Minutes |
| 3 | Electronic Computer Manufacturing | 5,694 | 98.76 Gbps | 20.82 Mpps | 108.2 Minutes |
| 4 | Wireless Telecommunications Carriers (except Satellite) | 4,623 | 114.42 Gbps | 25.67 Mpps | 41.8 Minutes |
| 5 | Electronic Shopping + Mail-Order Houses | 2,597 | 98.76 Gbps | 20.82 Mpps | 79.2 Minutes |
| 6 | All Other Telecommunications | 2,198 | 112.28 Gbps | 22.58 Mpps | 92.9 Minutes |
| 7 | Industrial Machinery + Equipment Merchant Wholesalers | 936 | 95.65 Gbps | 20.35 Mpps | 33.6 Minutes |
| 8 | Internet Publishing, Broadcasting + Web Search Portals | 713 | 98.76 Gbps | 20.27 Mpps | 74.9 Minutes |
| 9 | All Other Support Services | 408 | 93.79 Gbps | 19.81 Mpps | 110.5 Minutes |
| 10 | Computer Storage Device Manufacturing | 301 | 7.72 Gbps | 1.11 Mpps | 65.6 Minutes |