NETSCOUT SYSTEMS has announced findings from its bi-annual Threat Intelligence Report. During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million
These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at 14% above pre-pandemic levels.
“While it may be tempting to look at the decrease in overall attacks as threat actors scaling back their efforts, we saw significantly higher activity compared to pre-pandemic levels,” said Richard Hummel, threat intelligence lead, NETSCOUT. “The reality is that attackers are constantly innovating and adapting new techniques, including the use of server-class botnets, DDoS-for-Hire services, and increased used direct-path attacks that continually perpetuate the advancement of the threat landscape.”
Some key findings of NETSCOUT 2H2021 Threat Intelligence Report include:
• DDoS extortion and ransomware operations are on the rise. Three high-profile DDoS extortion campaigns simultaneously operating is a new high. Ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt were observed using DDoS to extort victims. Because of their success, ransomware groups have DDoS extortion operators masquerading as affiliates like the recent REvil DDoS Extortion campaign.
• VOIP Services were targets of DDoS Extortion. Worldwide DDoS extortion attack campaigns from the REvil copycat were waged against several VOIP services providers. One VOIP service provider reported $9M-$12M in revenue loss due to DDoS attacks.
• DDoS-for-Hire services made attacks easy to launch. NETSCOUT examined 19 DDoS-for-Hire services and their capabilities that eliminate the technical requirements and cost of launching massive DDoS attacks. When combined, they offer more than 200 different attack types.
• APAC attacks increased by 7% as other regions subsided. Amid ongoing geopolitical tensions in China, Hong Kong, and Taiwan, the Asia-Pacific region saw the most significant increase in attacks year over year compared to other regions.
• Server-class botnet armies arrived. Cybercriminals have not only increased the number of Internet-of-Things (IoT) botnets but have also conscripted high-powered servers and high-capacity network devices, as seen with the GitMirai, Meris, and Dvinis botnets.
• Direct-path attacks are gaining in popularity. Adversaries inundated organisations with TCP- and UDP-based floods, otherwise known as direct-path or non-spoofed attacks. Meanwhile, a decrease in some amplification attacks drove down the number of total attacks.
• Attackers targeted select industries. Those hardest hit include software publishers (606% increase), insurance agencies and brokers (257% increase), computer manufacturers (162% increase), and colleges, universities, and professional schools (102% increase)
• The fastest DDoS attack recorded a 107% year-over-year increase. Using DNS, DNS amplification, ICMP, TCP, ACK, TCP RST, and TCP SYN vectors, the multi-vector attack against a target in Russia recorded 453 Mpps.