Key metrics from the 1H 2022 Netscout DDoS Threat Intelligence Report / ISSUE 9: FINDINGS FROM 1ST HALF 2022

Flag of Brazil

Brazil

Despite a slight decrease in DDoS attack frequency toward the end of 2021, adversaries unfortunately ramped up their nefarious activities in 1H 2022. Not content to simply rest on their laurels, attackers increasingly used powerful DDoS-capable botnets to launch TCP-based direct path attacks and often tied them to sociopolitical and entertainment events – think war, politics, religion, and sports.

The end result is that adversaries are constantly innovating, trying new attack methods, vectors, and motivations. EMEA experienced a 7 percent increase in DDoS attacks, with many of those tied to the conflict between Russia and Ukraine. The APAC region experienced about 8,600 DDoS attacks per day – or a new attack launched every 10 seconds. The LATAM region experienced an increase of 125 percent in botnet-based TCP floods. And North America experienced 1.04 million DDoS attacks in the six-month period, with adversaries increasingly targeting cloud-related service providers and even primary schools.

Max Multivector Attack

Max number of vectors seen in a single attack

21

Attack Vectors Used

1. chargen Amplification
2. CLDAP Amplification
3. DNS
4. DNS Amplification
5. ICMP
6. ISAKMP
7. mDNS Amplification
8. memcached Amplification
9. MS SQL RS Amplification
10. NetBIOS Amplification
11. NTP Amplification
12. RIPv1 Amplification
13. rpcbind Amplification
14. SNMP Amplification
15. SSDP Amplification
16. TCP ACK
17. TCP RST
18. TCP SYN
19. Ubiquiti Amplification
20. UDP
21. Unreal-tournament Amplification

Top 5 Attack Vectors

Ta

TCP ACK

Number of Attacks

77,375

Dn

DNS Amp

Number of Attacks

55,226

Tr

TCP RST

Number of Attacks

44,265

Ts

TCP SYN

Number of Attacks

43,415

Tk

TCP SYN/ACK Amp

Number of Attacks

42,184

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2022 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
cell phone icon Wireless Telecommunications Carriers (except Satellite)
37,442 299 Gbps 63 Mpps 9128 Minutes
2
three wires with plugs icon Wired Telecommunications Carriers
14,715 450 Gbps 98 Mpps 4431 Minutes
3
cell tower icon All Other Telecommunications
3,194 25 Gbps 15 Mpps 1864 Minutes
4
hands in prayer icon Religious Organizations
2,265 1 Gbps 0 Mpps 10498 Minutes
5
vault icon Commercial Banking
463 6 Gbps 0 Mpps 4460 Minutes
6
Data Processing Hosting and Related Services
383 38 Gbps 4 Mpps 44544 Minutes
7
Electronic Computer Manufacturing
194 17 Gbps 40 Mpps 1785 Minutes
8
Internet Publishing and Broadcasting and Web Search Portals
99 2 Gbps 0 Mpps 852 Minutes
9
Offices of Physicians (except Mental Health Specialists)
91 0 Gbps 0 Mpps 2389 Minutes
10
Computer Storage Device Manufacturing
90 3 Gbps 2 Mpps 569 Minutes