Flag of United States

United States

Key Metrics from the 2H 2020 NETSCOUT Threat Intelligence Report

As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million DDoS attacks aimed at crippling the very online services essential to remote work and online life. Vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors, including those behind the Lazarus Bear Armada campaign of DDoS extortion attacks that hit thousands of companies worldwide. As the COVID-19 pandemic extends into 2021, we can logically expect to see threat actors targeting vulnerabilities exposed by the global crisis as well as discovering and using new attack vectors that poke at the weak spots of our new normal.

Impact Analysis

This was a record-breaking year for DDoS attacks—and that has to have an impact on global infrastructure, since DDoS attackers don’t pay for transit costs. Instead, that cost is generally passed down to everyone who uses the internet. So we continued to dig into the details of how much traffic on the global internet is due solely to DDoS attacks by calculating the DDoS Attack Coefficient (DAC). This measurement illustrates the continual presence of DDoS traffic across all regions. In essence, it shows the “DDoS tax” that we all end up paying.

Bandwidth Impact Percentage Change

July 223.7 Mpps, August 199.9 Mpps, September 157.2 Mpps, October 170.0 Mpps, November 221.6 Mpps, December 304.9 Mpps

Throughput Impact Percentage Change

July 1,262.1 Gbps, August 745.6 Gbps, September 774.6 Gbps, October 597.5 Gbps, November 750.9 Gbps, December 592.3 Gbps

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 2020 by number of attacks.

Rank Vertical Frequency Max Attack Max Impact Average Duration
1
Wired Telecommunications Resellers icon Wired Telecommunications Carriers
174,303 274.5 Gbps 33.7 Mpps 35.1 Minutes
2
cloud icon with up arrow Data Processing, Hosting + Related Services
117,731 380.2 Gbps 46.4 Mpps 71.7 Minutes
3
radio icon Internet Publishing, Broadcasting + Web Search Portals
73,425 380.2 Gbps 46.4 Mpps 107.4 Minutes
4
laptop icon Electronic Computer Manufacturing
51,100 380.2 Gbps 46.4 Mpps 54.2 Minutes
5
shopping cart icon Electronic Shopping + Mail-Order Houses
45,112 274.5 Gbps 32.6 Mpps 76.1 Minutes
6
cell phone icon Wireless Telecommunications Carriers
33,425 380.2 Gbps 46.4 Mpps 44.4 Minutes
7
Telecomm Tower icon Other Telecommunications
26,567 380.2 Gbps 46.4 Mpps 54.2 Minutes
8
educational building icon Colleges, Universities + Professional Schools
17,504 40.5 Gbps 4.5 Mpps 52.5 Minutes
9
Document with PDF icon Software Publishers
11,103 380.2 Gbps 46.4 Mpps 57.7 Minutes
10
woman at laptop icon Computer Training
9,274 21.9 Gbps 3.1 Mpps 68.7 Minutes

IoT

Top Five Username + Password Combinations

root/xc3511 - 7899; admin/admin - 7465; root/vizxv - 6284; guest/12345 - 6273; root/root - 4555

Top Exploits

Exploit Name EDB-ID
/ctrlt/DeviceUpgrade_1 Huawei Router 45991
/ws/v1/cluster/apps Hadoop YARN ResourceManager 45025
/picsdesc.xml Realtex SDK — Miniigd UPnP SOAP 37169
/setup.cgi Netgear Remote Code Execution 43055
/GponForm/diag_Form Dasan GPON home routers -----
Download PDF Download PDF