Netscout Reports a Sixfold Increase in DDoS Attacks Since 2019

Highlights:

• The research highlights include peak distributed denial-of-service alert traffic exceeding 436 petabits and more than 75 trillion daily packets.
• Most of the surge is attributable to the pro-Russian organization Killnet and other groups targeting websites.

A recent cybersecurity firm Netscout Systems Inc. analysis demonstrates an astounding growth in application-layer and botnet-based direct-path attacks.

Since 2019, according to Netscout’s 5th Anniversary DDoS Threat Intelligence Report, the number of attacks has increased by 487%, with the most substantial increase coming in the second half of 2022. Most of the surge is attributable to the pro-Russian organization Killnet and other groups targeting websites.

The research highlights include peak distributed denial-of-service alert traffic exceeding 436 petabits and more than 75 trillion packets in one day. Service providers are believed to have deleted a significant portion of this traffic, while companies eradicated an extra 345 terabytes of unnecessary data every day on average.

In the past three years, direct-path attacks have risen by 18%, while classic reflection/amplification attacks have fallen by approximately the same pace, underlining the necessity for a hybrid defense approach to withstand the shifting attack methods.

The national security sector of the United States has experienced an upsurge of 16,815% in attacks associated with the pro-Russian organization Killnet. After President Biden’s public statements at the G7 Summit, the number of attacks on Killnet spiked significantly. Another increase happened the same day the French and American presidents renewed their support for Ukraine.

In 2022, Netscout’s ASERT analysts tracked over 1.35 million bots from malware families such as Mirai, Meris, and Dvinis, and companies received over 350 thousand security-related warnings involving botnets. In comparison, service providers got over 60,000 bot-related notifications.

The number of carpet-bombing attacks, which concurrently target whole IP address ranges, surged by 110% between the first and second halves of 2022, with most strikes aimed against internet service provider networks.

Notable attacks in the study include:

• DDoS attacks increased in the lens production and optical instrument industry,
• Resulting in a rise of 14,137%,
• Primarily targeting one large distributor with over 6,000 attacks in four months.

After 2020 and the rise in 5G wireless at homes, DDoS attacks on the wireless telecommunications industry have increased by 79%. It showcases 20% of all DDoS attacks on a specific industry, second to wired telecommunications providers.

Richard Hummel, Threat Intelligence Lead at Netscout, said, “DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services. With multi-terabit-per-second attacks now commonplace and bad actors’ arsenals growing in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.”