Netscout Systems, a prominent performance management, cybersecurity, and DDoS protection solutions provider, has released its 5th Anniversary DDoS Threat Intelligence Report, indicating a new wave of multi-vector attacks targeting victims through application-layer and botnet-driven direct-path methods. Since Netscout’s first report in 2005, attack frequency has surged tenfold.
HTTP/HTTPS application-layer attacks have spiked by 487% since 2019, affecting over one billion websites globally. The most significant increase occurred in the latter half of 2022, primarily driven by the pro-Russian group Killnet and other groups focusing on website attacks. These attacks preceded the Ukraine invasion and disabled essential financial, government, and media sites.
Netscout’s threat intelligence lead, Richard Hummel, stated, “DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services.” He emphasized the need for adaptive strategies to tackle the evolving DDoS threat landscape, given the growing sophistication and complexity of attackers’ techniques.
Key findings from Netscout’s report include:
- Peak DDoS traffic alert in a single day reached 436 petabits and over 75 trillion packets. Service providers filtered out a large portion of this traffic, while enterprises removed an additional daily average of 345 terabytes of unwanted traffic.
- Direct-path attacks increased by 18% in the past 3 years, while traditional reflection and amplification attacks decreased by nearly the same, underscoring the need for a hybrid defense approach.
- The national security sector of the US experienced a staggering 16,815% increase in attacks related to the pro-Russia Killnet group, including spikes following President Biden’s G7 Summit remarks and renewed support for Ukraine from the French and U.S. presidents.
- In 2022, Netscout ASERT analysts identified over 1.35 million bots from malware families like Mirai, Meris, and Dvinis. Enterprises received over 350,000 security-related alerts with botnet involvement, while service providers received around 60,000 alerts with bot presence.
- Carpet-bombing attacks, targeting entire IP address ranges simultaneously, increased by 110% between the first and second halves of 2022, primarily affecting ISP networks.
- The EMEA’s optical instrument and lens manufacturing sector suffered a 14,137% increase in DDoS attacks, mainly targeting one major distributor with over 6,000 attacks in four months.
- DDoS attacks on the wireless telecommunications industry grew by 79% since 2020, primarily due to the rise of 5G wireless home use. These attacks represented 20% of all DDoS attacks on a specific industry, second only to wired telecommunications carriers.
Netscout’s DDoS Threat Intelligence Report offers insights into the latest DDoS threat landscape trends and activities. The report combines data from Netscout’s ATLAS and expert analysis from ASERT, Netscout’s security research team. ATLAS, part of Netscout’s Visibility Without Borders approach, monitors over 400 Tbps of international transit every second through a sensor network created in collaboration with more than 500 ISPs. Consequently, ATLAS collects daily DDoS attack statistics from an average of 93 countries, covering over 50% of global internet traffic.
The global attack data visibility and insights in the DDoS Threat Intelligence Report and the Netscout Threat Horizon portal power the ATLAS Intelligence Feed (AIF), which continuously equips Netscout’s security portfolio to automatically detect, adapt, and block threat activity for enterprises and service providers worldwide.
Link to download the report: https://www.netscout.com/threatreport
