Key metrics from the 2H 2021 Netscout Threat Intelligence Report

Brazil

The second half of 2021 ushered in a new focus by adversaries, who launched direct-path (non-spoofed) DDoS attacks using botnets and TCP-based floods. This coincided with a drop in DNS and CLDAP amplification, resulting in a decrease in attacks across most countries and regions. The turning point for this decline occurred just before Omicron was discovered, as COVID-19 restrictions were easing and people began returning to physical offices and classrooms. With less time to engage in malicious activity, threat actors launched fewer DDoS attacks, lending credence to the proverb that idle hands are the devil’s workshop.

Adversaries launched more than 9.7 million DDoS attacks in 2021, just 3% shy of the record-breaking 10 million seen in 2020 and a whopping 14% more than seen pre-pandemic in 2019. So although it’s tempting to simply look at the decrease in overall attacks as threat actors resting on their laurels, the reality is that attackers are innovating and adapting new techniques and methodologies to strengthen and monetize their nefarious behavior.

 

Max Multivector Attack

Max number of vectors seen in a single attack

23

Attack Vectors Used

1. bittorrent amplification
2. chargen amplification
3. cldap amplification
4. dns
5. dns amplification
6. icmp
7. l2tp amplification
8. mdns amplification
9. memcached amplification
10. ms sql rs amplification
11. netbios amplification
12. ntp amplification
13. openvpn amplification
14. ripv1 amplification
15. rpcbind amplification
16. snmp amplification
17. ssdp amplification
18. stun amplification
19. tcp ack
20. tcp rst
21. tcp syn
22. tcp syn/ack amplification
23. udp flood

Top 5 Attack Vectors

Attack Vector | Number of Attacks
TCP ACK | 101,258
TCP RST | 79,528
TCP SYN | 70,445
DNS Amplification | 66,680
TCP SYN/ACK Amplification | 65,849

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2H 2021 by number of attacks.

Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration
1 | Wireless Telecommunications Carriers (except Satellite) | 40,550 | 126.62 Gbps | 28.11 Mpps | 46.5 Minutes
2 | Wired Telecommunications Carriers | 5,102 | 120.17 Gbps | 13.73 Mpps | 114.7 Minutes
3 | Data Processing, Hosting + Related Services | 3,165 | 120.17 Gbps | 12.09 Mpps | 86.3 Minutes
4 | Electronic Computer Manufacturing | 2,668 | 52.35 Gbps | 8.17 Mpps | 81.7 Minutes
5 | All Other Telecommunications | 2,501 | 89.25 Gbps | 12.09 Mpps | 77.6 Minutes
6 | Electronic Shopping + Mail-Order Houses | 2,246 | 52.35 Gbps | 12.09 Mpps | 76 Minutes
7 | Religious Organizations | 2,057 | 56.11 Gbps | 4.78 Mpps | 248 Minutes
8 | Internet Publishing, Broadcasting + Web Search Portals | 1,227 | 41.14 Gbps | 12.09 Mpps | 76 Minutes
9 | Offices of Physicians (except Mental Health Specialists) | 690 | 67.54 Gbps | 5.74 Mpps | 49.6 Minutes
10 | Software Publishers | 680 | 26.47 Gbps | 5.98 Mpps | 89.8 Minutes