Key metrics from the 1H 2021 Netscout Threat Intelligence Report

The massive shift to online life triggered by the COVID-19 pandemic prompted record-breaking levels of innovation by threat actors, and NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) expects this long tail of attacker innovation to last well into 2021.

Bad actors launched approximately 5.4 million DDoS attacks in 1H 2021—yet another record-breaking number. In particular, attackers launched unprecedented numbers of DDoS attacks in the first quarter, boosting attack frequency by 20 percent over the same time period in 2020. Meanwhile, adversaries discovered or weaponized seven UDP reflection/amplification DDoS attack vectors and developed adaptive multivector attacks specifically tailored to exploit vulnerabilities of their targets. Vital components of the connectivity supply chain came under increased attack, while ransomware gangs added triple-extortion DDoS tactics to their repertoire and the Fancy Lazarus threat actor launched a new DDoS extortion campaign.

Max Multivector Attack

Max number of vectors seen in a single attack

24

Attack Vectors Used

1. Citrix-ICA amplification
2. CLDAP amplification
3. COAP amplification
4. DNS amplification
5. ICMP
6. IPMI amplification
7. ISAKMP
8. mDNS amplification
9. Memcached amplification
10. MSSQLRS amplification
11. NetBIOS amplification
12. NTP amplification
13. OpenVPN amplification
14. Plex amplification
15. RIPv1 amplification
16. rpcbind amplification
17. SNMP amplification
18. SSDP amplification
19. STUN amplification
20. TCP ACK
21. TCP RST
22. TCP SYN
23. TCP SYN/ACK amplification
24. WS-DD amplification

Top 5 Attack Vectors

1. DNS amplification: 357,583 attacks
2. ICMP: 268,074 attacks
3. TCP SYN: 260,169 attacks
4. TCP ACK: 252,499 attacks
5. TCP RST: 172,814 attacks

Top Ten Vertical Industries Under Attack

The following industry chart shows the most targeted sectors in 1H 2021 by number of attacks.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Wired Telecommunications Carriers | 167,741 | 384.93 Gbps | 50.72 Mpps | 31.3 Minutes |
| 2 | Data Processing, Hosting + Related Services | 88,508 | 114.42 Gbps | 48.84 Mpps | 83.8 Minutes |
| 3 | Internet Publishing, Broadcasting + Web Search Portals | 66,947 | 198.69 Gbps | 48.74 Mpps | 101.8 Minutes |
| 4 | Electronic Computer Manufacturing | 34,200 | 100.29 Gbps | 20.82 Mpps | 63.1 Minutes |
| 5 | Electronic Shopping + Mail-Order Houses | 33,157 | 119.19 Gbps | 57.85 Mpps | 109.1 Minutes |
| 6 | Wireless Telecommunications Carriers (except Satellite) | 23,105 | 90.86 Gbps | 19.71 Mpps | 45.1 Minutes |
| 7 | All Other Telecommunications | 16,256 | 100.29 Gbps | 19.59 Mpps | 43.2 Minutes |
| 8 | Software Publishers | 8,574 | 112.28 Gbps | 26.03 Mpps | 86.9 Minutes |
| 9 | Colleges, Universities + Professional Schools | 6,046 | 32.56 Gbps | 5.60 Mpps | 47.6 Minutes |
| 10 | Computer Storage Device Manufacturing | 4,996 | 95.21 Gbps | 20.82 Mpps | 66.7 Minutes |