NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) has released its latest DDoS Threat Intelligence Report for the first half of 2023, revealing a staggering surge in Distributed Denial of Service (DDoS) attacks. Cybercriminals launched nearly 7.9 million DDoS attacks during this period, marking a significant 31% year-over-year increase.
The report points to various global events, including the Russia-Ukraine conflict and NATO-related activities, as major factors contributing to the spike in DDoS attacks. For instance, in 2022, pro-Russian hacktivists targeted Finland during its NATO bid, and this trend continued as Turkey and Hungary faced DDoS attacks for opposing Finland’s NATO aspirations. In 2023, Sweden experienced a similar wave of DDoS attacks as it pursued NATO membership, with a notable 500 Gbps DDoS attack in May. These ideologically motivated DDoS attacks have affected countries such as the United States, Ukraine, Finland, Sweden, Russia, and several others.
Furthermore, NETSCOUT identified a concerning trend in DDoS attacks targeting wireless telecommunications providers. In the second half of 2022, these attacks saw a global increase of 79%. This trend continued into the first half of 2023, particularly in the APAC region, where there was a staggering 294% increase. This surge aligns with the growing popularity of 5G fixed wireless access among broadband gaming users as providers expand their networks.
NETSCOUT’s insights are drawn from its extensive ATLAS sensor network, developed over decades of collaboration with numerous Internet Service Providers worldwide. This network monitors trends based on an average of 424 Tbps of internet peering traffic, reflecting a 5.7% increase from 2022. The company has also observed a nearly 500% growth in HTTP/S application layer attacks since 2019, as well as a 17% growth in DNS reflection/amplification volumes during the first half of 2023.
Richard Hummel, Senior Threat Intelligence Lead at NETSCOUT, emphasized that while world events and 5G expansion have fueled DDoS attacks, adversaries are continuously evolving their tactics. They are now leveraging bespoke infrastructure like bulletproof hosts and proxy networks to launch attacks. Hummel noted, “The lifecycle of DDoS attack vectors reveals the persistence of adversaries to find and weaponize new methods of attack, while DNS water torture and carpet-bombing attacks have become more prevalent.”
Additional notable findings from the NETSCOUT 1H2023 DDoS Threat Intelligence Report include:
– Carpet-Bombing Attacks Surge: There has been a 55% increase in carpet-bombing attacks, exceeding 724 daily, which NETSCOUT believes is a conservative estimate. These attacks have a significant impact on the global internet, affecting hundreds, if not thousands, of hosts simultaneously. Importantly, this tactic often evades triggering high bandwidth threshold alerts for timely DDoS attack mitigation.
– Rise of DNS Water-Torture Attacks: DNS water-torture attacks have surged by nearly 353% in daily occurrences since the beginning of the year. The top five industries targeted include wired telecom, wireless telecom, data processing hosting, electronic shopping and mail-order companies, and insurance agencies and brokerages.
– Higher Education and Government Under Fire: Adversaries are utilizing various forms of abusable infrastructure to launch attacks. For instance, open proxies were consistently employed in HTTP/S application-layer DDoS attacks against higher education and national government targets. Meanwhile, DDoS botnets were frequently involved in attacks against state and local governments.
– Persistent DDoS Sources: A relatively small number of nodes are responsible for a disproportionate number of DDoS attacks, with an average IP address churn rate of just 10%. Attackers tend to reuse abusable infrastructures, resulting in fluctuating impact as adversaries rotate through different lists of abusable infrastructure every few days.
For more in-depth information, please visit our interactive website to access NETSCOUT’s semi-annual DDoS Threat Intelligence Report. Real-time DDoS attack statistics, maps, and insights are available at NETSCOUT Cyber Threat Horizon. Stay connected with us on Facebook, LinkedIn, and Twitter for the latest updates.