Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods according to 1H2022 NETSCOUT DDoS Threat Intelligence Report
27.9.2022 13:05:00 EEST | Business Wire | Press release
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) today announced findings from its 1H2022 DDoS Threat Intelligence Report. The findings demonstrate how sophisticated cybercriminals have become at bypassing defenses with new DDoS attack vectors and successful methodologies.
"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead, NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications."
Deployed in most of the world's ISPs, large data centers, and government and enterprise networks, NETSCOUT Arbor DDoS attack protection solutions send anonymized DDoS attack statistics to NETSCOUT's Active Level Threat Analysis System (ATLAS™). This data, which includes visibility into more than 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs), is then analyzed and curated by NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) to provide unique insights in the report. No other vendor sees and knows more about DDoS attack activity and best practices in protection than NETSCOUT.
Key findings from the 1H2022 NETSCOUT DDoS Threat Intelligence Report include:
- There were 6,019,888 global DDoS attacks in 1st half of 2022.
- TCP-based flood attacks (SYN, ACK, RST) remain the most used attack vector, with approximately 46% of all attacks continuing a trend that started in early 2021.
- DNS water-torture attacks accelerated into 2022 with a 46% increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31% from 2H2021 to 1H2022.
- The new TP240 PhoneHome reflection/amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4,293,967,296:1; swift actions eradicated the abusable nature of this service.
- Malware botnet proliferation grew at an alarming rate, with 21,226 nodes tracked in the first quarter to 488,381 nodes in the second, resulting in more direct-path, application-layer attacks.
Geopolitical Unrest Spawns Increased DDoS Attacks
As Russian ground troops entered Ukraine in late February, there was a significant uptick in DDoS attacks targeting governmental departments, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms, as previously documented. However, the ripple effect resulting from the war had a dramatic impact on DDoS attacks in other countries too, including:
- Ireland experienced a surge in attacks after providing service to Ukrainian organizations.
- India experienced a measurable increase in DDoS attacks following its abstention from the UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
- On the same day, Taiwan endured its single-highest number of DDoS attacks after making public statements supporting Ukraine, as with Belize.
- Finland experienced a 258% increase in DDoS attacks year-over-year, coinciding with its announcement to apply for NATO membership.
- Poland, Romania, Lithuania, and Norway were targeted by DDoS attacks linked to Killnet; a group of online attackers aligned with Russia.
- While the frequency and severity of DDoS attacks in North America remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure.
- Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period.
Similarly, as tensions between Taiwan, China, and Hong Kong escalated in 1H2022, DDoS attacks against Taiwan regularly occurred in concert with related public events.
NETSCOUT's DDoS Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data captured from NETSCOUT's ATLAS and expert insights from ASERT.
The visibility and insights compiled from the global DDOS attack data, represented in the DDoS Threat Intelligence Report, and seen in the Omnis Threat Horizon portal, fuel the ATLAS Intelligence Feed (AIF). In addition, AIF continuously arms NETSCOUT's Omnis and Arbor security portfolio enabling them to automatically detect and block threat activity for enterprises and service providers worldwide.
Visit our interactive website for more information on NETSCOUT's semi-annual DDoS Threat Intelligence Report. You can also find us on Facebook, LinkedIn , and Twitter for threat updates and the latest trends and insights.
About NETSCOUT
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) protects the connected world from cyberattacks and performance disruptions through advanced network detection and response and pervasive network visibility. Powered by our pioneering deep packet inspection at scale, we serve the world's largest enterprises, service providers, and public sector organizations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, Twitter, or Facebook.
©2022 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, nGeniusONE, and Omnis are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220927005076/en/
Contact information
Editorial Contacts:
Maribel Lopez
Manager, Marketing & Corporate Communications
+1 781 362 4330
maribel.lopez@netscout.com
Chris Shattuck
Finn Partners for NETSCOUT
+1 678 504 6785
NETSCOUT-US@FinnPartners.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
HY10 Selected Among the First Participants for Visa’s Infinite Private Program14.7.2026 22:46:00 EEST | Press release
HY10, the first financial and lifestyle platform built for globally mobile ultra and high-net-worth individuals, today announced it is among the first businesses selected to participate in Visa's Infinite Private program. Unveiled at the Visa Payments Forum (VPF) in Paris, the launch brings together unlimited-spend payment cards, concierge and lifestyle services into a single integrated platform, powered by Visa's trusted global payments network. The announcement comes as more than 2,000 leaders from banks, fintechs and payment providers gather at Visa Payments Forum to explore the future of commerce and premium financial services. HY10's participation underscores its position at the forefront of premium financial experiences for globally mobile entrepreneurs, investors and families. "Private banking hasn't fundamentally evolved for decades," said Erekle Tokhosashvili, Co-Founder of HY10. "The world's wealthiest individuals are still forced to piece together multiple providers for bank
L&T Technology Services Partners with Anthropic to Deliver AI-Powered Engineering Intelligence for Products and Manufacturing14.7.2026 18:28:00 EEST | Press release
L&T Technology Services Limited (BSE: 540115, NSE: LTTS), a global leader in Engineering Intelligence Solutions & ER&D Consulting Services, today announced a partnership with Anthropic to accelerate Engineering Intelligence by integrating Claude models across engineering processes and LTTS’ AI-powered platforms. The collaboration will help LTTS’ enterprise clients redesign how products and software are developed, enabling faster innovation and improved outcomes at scale. Leveraging Claude across the engineering lifecycle and uniting deep engineering expertise, advanced AI and domain knowledge, LTTS’ Engineering Intelligence discipline will enable clients to create greater value. Rather than automating individual tasks, it enables teams to make faster decisions, streamline workflows and continuously improve how products, manufacturing plants and industrial systems are designed, built and maintained. By integrating Claude models into its platforms including AgenticIQ, PlxAI, Ainfonix™, A
Presidio Investors Announces Sale of ElevATE Semiconductor to Diodes Incorporated14.7.2026 17:56:00 EEST | Press release
Presidio Investors (“Presidio”), a lower middle market private equity firm, today announced that it has entered into a definitive agreement to sell ElevATE Semiconductor, Inc. (“ElevATE”) to Diodes Incorporated (Nasdaq: DIOD) in an all-cash transaction valued at $250 million. ElevATE, headquartered in San Diego, California, is a leading fabless designer of low-power, high-density integrated circuits for the automated test equipment (ATE) industry. The sale marks the successful realization of Presidio’s first continuation fund, which was formed in 2023 to extend the firm’s partnership with ElevATE and support the company’s next phase of growth. The acquisition of ElevATE by a leading global semiconductor company validates the strategy behind the continuation vehicle and delivers a strong outcome for the company, its employees, and Presidio’s investors. Presidio first invested in ElevATE in 2018, when the company was a small, founder-led team of analog chip designers serving the ATE mark
Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut14.7.2026 17:30:00 EEST | Press release
Textron Aviation Inc., a Textron Inc. (NYSE:TXT) company, today announced the Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition are heading to the 2026 Experimental Aircraft Association (EAA) AirVenture in Oshkosh, Wisconsin. Both aircraft will be on display for the first time at the show alongside a broad lineup of Cessna and Beechcraft aircraft. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260714774354/en/ Cessna Citation CJ3 Gen2 and Beechcraft King Air 360 Crimson Edition to make EAA AirVenture show debut “EAA AirVenture is one of the most important opportunities each year for us to connect with customers and the broader aviation community,” said Lannie O’Bannion, senior vice president, Sales & Marketing. “Being on the ground in Oshkosh allows us to showcase the breadth of our portfolio. Events like AirVenture also give us valuable face-to-face time to better understand how our customers operate and
Clearlake Capital Announces Partnership with Databricks to Advance AI-Enabled Investing and Portfolio Value Creation14.7.2026 17:00:00 EEST | Press release
Clearlake Capital Group, L.P. ("Clearlake"), a global investment firm managing integrated platforms spanning private equity, liquid and private credit, and other related strategies, today announced a partnership with Databricks, the Data and AI company, and West Monroe, a global business and technology consulting firm, to accelerate Clearlake’s portfolio companies’ adoption of data, analytics, and AI capabilities. Through the collaboration, Clearlake aims to connect investment, operational, financial, and portfolio data in a secure and scalable environment that accelerates enterprise-wide adoption of AI, drives productivity, and delivers measurable outcomes across the investment lifecycle from deal origination and due diligence to portfolio monitoring and value creation. By pairing cutting-edge technology with deep operational support, the partnership endeavors to help Clearlake’s portfolio companies stay ahead of industry disruption and build durable competitive advantage. “Data and A
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
