Key metrics from the 2H 2021 Netscout Threat Intelligence Report
United Kingdom

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, threat actors launched fewer DDoS attacks, lending credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

Max Multivector Attack

Max number of vectors seen in a single attack

26

Attack Vectors Used

1. bittorrent amplification
2. chargen amplification
3. cldap amplification
4. dns
5. dns amplification
6. icmp
7. isakmp
8. jenkins amplification
9. mdns amplification
10. memcached amplification
11. ms sql rs amplification
12. netbios amplification
13. ntp amplification
14. openvpn amplification
15. ripv1 amplification
16. rpcbind amplification
17. sip amplification
18. snmp amplification
19. ssdp amplification
20. stun amplification
21. tcp ack
22. tcp rst
23. tcp syn
24. tcp syn/ack amplification
25. ubiquiti amplification
26. udp flood

Top 5 Attack Vectors

| Attack Vector | Number of Attacks |
|---|---|
| DNS Amplification | 55,067 |
| TCP RST | 38,083 |
| TCP ACK | 34,119 |
| TCP SYN | 31,562 |
| TCP SYN/ACK Amplification | 20,674 |

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Data Processing, Hosting + Related Services | 7,267 | 100.46 Gbps | 18.85 Mpps | 62.5 Minutes |
| 2 | Wired Telecommunications Carriers | 6,906 | 145.05 Gbps | 26.4 Mpps | 61 Minutes |
| 3 | Electronic Computer Manufacturing | 6,486 | 84.1 Gbps | 16.56 Mpps | 113.8 Minutes |
| 4 | Wireless Telecommunications Carriers (except Satellite) | 2,712 | 84.04 Gbps | 16.46 Mpps | 89.4 Minutes |
| 5 | Electronic Shopping + Mail-Order Houses | 2,538 | 84.1 Gbps | 16.56 Mpps | 82.6 Minutes |
| 6 | Internet Publishing, Broadcasting + Web Search Portals | 1,061 | 75.63 Gbps | 14.66 Mpps | 56.8 Minutes |
| 7 | Industrial Machinery + Equipment Merchant Wholesalers | 476 | 28.49 Gbps | 4.75 Mpps | 49.7 Minutes |
| 8 | All Other Support Services | 432 | 67.92 Gbps | 13.43 Mpps | 156.5 Minutes |
| 9 | Custom Computer Programming Services | 355 | 84.1 Gbps | 16.56 Mpps | 57.2 Minutes |
| 10 | Computer Storage Device Manufacturing | 350 | 3.14 Gbps | 1.12 Mpps | 51.6 Minutes |