Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods according to 1H2022 NETSCOUT DDoS Threat Intelligence Report
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) today announced findings from its 1H2022 DDoS Threat Intelligence Report. The findings demonstrate how sophisticated cybercriminals have become at bypassing defenses with new DDoS attack vectors and successful methodologies.
"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead, NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications."
Deployed in most of the world's ISPs, large data centers, and government and enterprise networks, NETSCOUT Arbor DDoS attack protection solutions send anonymized DDoS attack statistics to NETSCOUT's Active Level Threat Analysis System (ATLAS™). This data, which includes visibility into more than 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs), is then analyzed and curated by NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) to provide unique insights in the report. No other vendor sees and knows more about DDoS attack activity and best practices in protection than NETSCOUT.
Key findings from the 1H2022 NETSCOUT DDoS Threat Intelligence Report include:
- There were 6,019,888 global DDoS attacks in 1st half of 2022.
- TCP-based flood attacks (SYN, ACK, RST) remain the most used attack vector, with approximately 46% of all attacks continuing a trend that started in early 2021.
- DNS water-torture attacks accelerated into 2022 with a 46% increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31% from 2H2021 to 1H2022.
- The new TP240 PhoneHome reflection/amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4,293,967,296:1; swift actions eradicated the abusable nature of this service.
- Malware botnet proliferation grew at an alarming rate, with 21,226 nodes tracked in the first quarter to 488,381 nodes in the second, resulting in more direct-path, application-layer attacks.
Geopolitical Unrest Spawns Increased DDoS Attacks
As Russian ground troops entered Ukraine in late February, there was a significant uptick in DDoS attacks targeting governmental departments, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms, as previously documented. However, the ripple effect resulting from the war had a dramatic impact on DDoS attacks in other countries too, including:
- Ireland experienced a surge in attacks after providing service to Ukrainian organizations.
- India experienced a measurable increase in DDoS attacks following its abstention from the UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
- On the same day, Taiwan endured its single-highest number of DDoS attacks after making public statements supporting Ukraine, as with Belize.
- Finland experienced a 258% increase in DDoS attacks year-over-year, coinciding with its announcement to apply for NATO membership.
- Poland, Romania, Lithuania, and Norway were targeted by DDoS attacks linked to Killnet; a group of online attackers aligned with Russia.
- While the frequency and severity of DDoS attacks in North America remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure.
- Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period.
Similarly, as tensions between Taiwan, China, and Hong Kong escalated in 1H2022, DDoS attacks against Taiwan regularly occurred in concert with related public events.
NETSCOUT's DDoS Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data captured from NETSCOUT's ATLAS and expert insights from ASERT.
The visibility and insights compiled from the global DDOS attack data, represented in the DDoS Threat Intelligence Report, and seen in the Omnis Threat Horizon portal, fuel the ATLAS Intelligence Feed (AIF). In addition, AIF continuously arms NETSCOUT's Omnis and Arbor security portfolio enabling them to automatically detect and block threat activity for enterprises and service providers worldwide.
Visit our interactive website for more information on NETSCOUT's semi-annual DDoS Threat Intelligence Report. You can also find us on Facebook, LinkedIn , and Twitter for threat updates and the latest trends and insights.
About NETSCOUT
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) protects the connected world from cyberattacks and performance disruptions through advanced network detection and response and pervasive network visibility. Powered by our pioneering deep packet inspection at scale, we serve the world's largest enterprises, service providers, and public sector organizations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, Twitter, or Facebook.
©2022 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, nGeniusONE, and Omnis are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220927005076/en/
Contact information
Editorial Contacts:
Maribel Lopez
Manager, Marketing & Corporate Communications
+1 781 362 4330
maribel.lopez@netscout.com
Chris Shattuck
Finn Partners for NETSCOUT
+1 678 504 6785
NETSCOUT-US@FinnPartners.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Transition Industries Signs Strategic Agreements for the Pacifico Mexinol Project, the Largest Standalone Ultra-Low Carbon Chemical Production Facility in the World30.6.2025 21:30:00 EEST | Press release
Transition Industries LLC, a developer of world-scale, net-zero carbon emissions methanol and green hydrogen projects in North America, held a signing event for an Engineering, Procurement, and Construction (EPC) contract with the consortium of Samsung E&A Co., Ltd. (Samsung E&A), Grupo Samsung E&A Mexico, S.A. de C.V., and Techint Engineering and Construction for the Pacifico Mexinol project located in Ahome, Sinaloa, Mexico, which is contingent upon the fulfillment of customary conditions precedent and obtainment of all required approvals. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630940954/en/ MAIRE group’s technology division NextChem, through its subsidiary KT TECH SpA, also signed a Basic Engineering, Critical and Proprietary Equipment Supply Agreement with Samsung E&A in connection with its proprietary NX AdWinMethanol®Zero technology supply to the project. Transition Industries is jointly developing the Pacif
Westinghouse and ITER Sign a $180M Contract to Advance Nuclear Fusion30.6.2025 16:45:00 EEST | Press release
Westinghouse Electric Company and ITER signed a contract for $180 million for the assembly of the vacuum vessel for the fusion reactor. This is a key milestone in the construction of the ITER reactor, leading the way toward the use of fusion as a practical future source of reliable carbon-free energy. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630497810/en/ The ITER Tokamak pit with the two vacuum vessel sector modules installed. Westinghouse has participated in the fabrication of the sectors of the vacuum vessel, as part of the Fusion for Energy (F4E) Consortium with its partners Ansaldo Nucleare and Walter Tosto. Westinghouse will be responsible for completing the vacuum vessel which is ITER’s most critical component: a hermetically sealed, double-walled steel container that will house the fusion plasma. When all the vacuum vessel sectors are in place, Westinghouse will start the most intensive stage of ITER assembl
Monetate Acquires SiteSpect to Deliver AI-Native Personalization and Testing at Enterprise Scale30.6.2025 16:00:00 EEST | Press release
Monetate, the leading AI-driven personalization platform, today announced it has acquired SiteSpect, a leader in A/B testing, to drive next-generation digital experience optimization. This acquisition accelerates Monetate’s vision to deliver intelligent, intentional, and individualized experiences at scale, powered by agentic AI and backed by the industry’s most advanced, enterprise-grade infrastructure. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630514541/en/ The combination of Monetate’s real-time personalization and SiteSpect’s zero-flicker testing will yield an industry-first solution for enterprise-grade personalization, testing, and optimization. For the first time, global ecommerce and digital experience leaders can access unified client-side and server-side experimentation with full personalization capabilities in a single solution, designed for scalability and regulatory compliance. Monetate is now the only e
SS&C Blue Prism Recognized as a Gartner® Magic Quadrant™ RPA Leader for the Seventh Consecutive Year30.6.2025 16:00:00 EEST | Press release
SS&C Technologies Holdings, Inc. (Nasdaq: SSNC) today announced that SS&C Blue Prism has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Robotic Process Automation (RPA). “We’re delighted SS&C Blue Prism has been named a Leader in the Gartner Magic Quadrant for Robotic Process Automation for the seventh year running,” said Bill Stone, CEO and Chairman of SS&C Technologies. “SS&C Blue Prism combines market-leading RPA and orchestration technologies with the latest artificial intelligence so organizations can tackle more complex tasks and dynamic business processes. We’ve scaled to more than 2,700 digital workers and AI agents across our own operations, resulting in over $200 million in annual savings. With SS&C leading the charge on deployment, customers can be confident in rolling out SS&C’s automation solutions securely, effectively, and responsibly.” More than 2,800 companies worldwide leverage SS&C Blue Prism for AI-powered automation, helping organizations delive
Takeda Announces U.S. FDA Approval of GAMMAGARD LIQUID ERC, the Only Ready-to-Use Liquid Immunoglobulin Therapy with Low Immunoglobulin A (IgA) Content 130.6.2025 15:00:00 EEST | Press release
Takeda(TSE:4502/NYSE:TAK) today announced that the U.S. Food and Drug Administration (FDA) has approved GAMMAGARD LIQUID ERC [immune globulin infusion (human)] with less than or equal to 2 µg/mL IgA in a 10% solution, the only ready-to-use liquid immunoglobulin (IG) therapy with low immunoglobulin A (IgA) content, as replacement therapy for people two years of age and older with primary immunodeficiency (PI). As a ready-to-use liquid, GAMMAGARD LIQUID ERC may help ease the administration burden for patients and their health care providers by eliminating the need for reconstitution and can be administered intravenously or subcutaneously.1 “The approval of GAMMAGARD LIQUID ERC reinforces our commitment to supporting individualized treatment approaches for people with primary immunodeficiency, including a therapeutic option that has the lowest IgA content of any ready-to-use liquid immunoglobulin therapy, and can be administered intravenously or subcutaneously,” said Kristina Allikmets, s
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom