NETSCOUT SYSTEMS, INC., a leading provider of cybersecurity solutions, has released its 1H2023 DDoS Threat Intelligence Report, revealing an alarming increase in Distributed Denial of Service (DDoS) attacks. The report found that cybercriminals launched approximately 7.9 million DDoS attacks in the first half of 2023, representing a significant 31% year-over-year increase.
The surge in DDoS attacks can be attributed to global events such as the Russia-Ukraine war and NATO bids. In 2022, pro-Russian hacktivists targeted Finland during its bid to join NATO. Additionally, Turkey and Hungary faced DDoS attacks for opposing Finland’s bid. This trend continued in 2023, with Sweden experiencing a similar onslaught during its NATO bid, culminating in a massive 500 Gbps DDoS attack in May. Ideologically motivated DDoS attacks have targeted various countries, including the United States, Ukraine, Finland, Sweden, and Russia.
Another notable observation in the report is the increasing frequency of DDoS attacks against wireless telecommunications providers. In the second half of 2022, NETSCOUT documented a 79% global increase in DDoS attacks targeting wireless providers. This trend continued in the APAC region in the first half of 2023, with a staggering 294% increase. The rise in attacks coincides with the growing popularity of broadband gaming users shifting their activities to 5G fixed wireless access as providers expand their networks.
NETSCOUT’s comprehensive insights into the threat landscape are derived from its ATLAS sensor network, built over decades of collaboration with internet service providers worldwide. The company analyzes an average of 424 Tbps of internet peering traffic, revealing significant trends. NETSCOUT has noted a nearly 500% growth in HTTP/S application layer attacks since 2019 and a 17% increase in DNS reflection/amplification volumes in 2023.
Richard Hummel, senior threat intelligence lead at NETSCOUT, highlighted the evolving tactics employed by cybercriminals. “While world events and 5G network expansion have driven an increase in DDoS attacks, adversaries continue to evolve their approach to be more dynamic,” said Hummel. He explained that attackers are leveraging bespoke infrastructures, such as bulletproof hosts or proxy networks, to launch attacks. Hummel also emphasized the prevalence of DNS water torture and carpet-bombing attacks.
The NETSCOUT 1H2023 DDoS Threat Intelligence Report also sheds light on other key findings. Firstly, there has been a resurgence in carpet-bombing attacks, with a 55% increase since the beginning of the year, surpassing 724 daily attacks. These attacks inflict significant harm on the global internet and are capable of spreading to hundreds or even thousands of hosts simultaneously. Moreover, DNS water-torture attacks have become commonplace, showing a nearly 353% increase in daily attacks since the start of 2023. Industries such as wired telecom, wireless telecom, data processing hosting, electronic shopping and mail-order companies, and insurance agencies and brokerages, are among the top targets.
The report also reveals that higher education institutions and governments have been disproportionately targeted by DDoS attacks. Cybercriminals exploit various types of infrastructure to launch these attacks. For instance, open proxies are consistently used in HTTP/S application-layer DDoS attacks against higher education and national government targets. Meanwhile, DDoS botnets feature frequently in attacks against state and local governments.
NETSCOUT’s findings also indicate that DDoS sources exhibit persistence, with a small number of nodes involved in a disproportionate number of attacks. These attackers tend to re-use abusable infrastructures, resulting in an average IP address churn rate of only 10%. Although the impact fluctuates, adversaries rotate through different lists of abusable infrastructure every few days.
To delve deeper into the insights provided in the report, interested parties can visit NETSCOUT’s interactive website. Additionally, real-time DDoS attack statistics, maps, and insights can be found on the NETSCOUT Cyber Threat Horizon platform. NETSCOUT can also be followed on social media platforms such as Facebook, LinkedIn, and Twitter.
NETSCOUT SYSTEMS, INC. is a prominent player in the field of cybersecurity, protecting the connected world from cyberattacks and ensuring performance and availability. The company’s unique visibility platform and solutions, powered by deep packet inspection at scale technology, serve the world’s largest enterprises, service providers, and public sector organizations.
In conclusion, the NETSCOUT 1H2023 DDoS Threat Intelligence Report underscores the increasing threat posed by DDoS attacks around the world. As cybercriminals continue to adapt and evolve their tactics, organizations must strengthen their cybersecurity defenses to safeguard against the growing menace of DDoS attacks.