Many cybercriminals bypassed defenses with new distributed denial-of-service (DDoS) attack vectors and methodologies during the first six months of 2022, according to the 1H2022 DDoS Threat Intelligence Report from Netscout.
Key takeaways from Netscout's report include:
- More than 6 million DDoS attacks were reported globally, down 2% year over year.
- The maximum bandwidth of DDoS attacks was 957.9 Gbps, up 57%.
- The maximum throughput of DDoS attacks was 284.4 Mpps, down 37%.
The report also revealed the following as the top DDoS attack vectors:
- TCP ACK (1.33 million)
- DNS amplification (1.3 million)
- TCP SYN (1.17 million)
- TCP RST (800,000)
- ICMP (767,000)
TCP-based flood attacks (SYN, ACK, RST) remain the most used attack vector and made up 46% of all DDoS attacks in the first half of 2022, Netscout reported. In addition, cybercriminals increasingly used DNS water-torture attacks and malware botnet proliferation to launch DDoS attacks during this period.
Geopolitical Unrest Drives DDoS Attacks
There was a "significant uptick" in DDoS attacks following Russia's invasion of Ukraine in February 2022, Netscout said in its report. This had a ripple effect on other countries around the world, which is reflected in the following report results:
- Russia experienced a nearly threefold increase in daily DDoS attacks since the start of the conflict with Ukraine.
- Ireland experienced a surge in DDoS attacks after it provided service to Ukrainian organizations.
- There was a 258% year-over-year increase in DDoS attacks in Finland after it announced plans to apply for NATO membership.
The report shows there was a decline in DDoS attacks against Ukrainian assets as infrastructure was destroyed or moved out of Ukraine. Conversely, there was a "significant increase" in DDoS attacks against Ireland, where many of those Ukrainian assets were moved.
Adaptive DDoS Suppression Is Key
Cybercriminals continue to find ways to circumvent security technologies and launch DDoS attacks, and organizations must plan accordingly, Netscout noted. Now, organizations can use adaptive DDoS suppression to identify and address DDoS attacks.
Adaptive DDoS suppression empowers organizations to detect and mitigate minute-zero attacks, Netscout pointed out. It provides organizations with anomaly-detection technology, traffic analysis and classification, and allows them to curate threat intelligence. Also, it ensures organizations can watch for cyber threats and stop DDoS attacks.
Along with Netscout, Cloudflare provides an adaptive DDoS suppression platform, which the company launched in September 2022. As organizations look for ways to combat DDoS attacks, more cybersecurity companies may develop and launch adaptive DDoS suppression technologies.