Business Wire

Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods according to 1H2022 NETSCOUT DDoS Threat Intelligence Report

27.9.2022 13:05:00 EEST | Business Wire | Press release

Share

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) today announced findings from its 1H2022 DDoS Threat Intelligence Report. The findings demonstrate how sophisticated cybercriminals have become at bypassing defenses with new DDoS attack vectors and successful methodologies.

"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," said Richard Hummel, threat intelligence lead, NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications."

Deployed in most of the world's ISPs, large data centers, and government and enterprise networks, NETSCOUT Arbor DDoS attack protection solutions send anonymized DDoS attack statistics to NETSCOUT's Active Level Threat Analysis System (ATLAS™). This data, which includes visibility into more than 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs), is then analyzed and curated by NETSCOUT's ATLAS Security Engineering and Response Team (ASERT) to provide unique insights in the report. No other vendor sees and knows more about DDoS attack activity and best practices in protection than NETSCOUT.

Key findings from the 1H2022 NETSCOUT DDoS Threat Intelligence Report include:

  • There were 6,019,888 global DDoS attacks in 1st half of 2022.
  • TCP-based flood attacks (SYN, ACK, RST) remain the most used attack vector, with approximately 46% of all attacks continuing a trend that started in early 2021.
  • DNS water-torture attacks accelerated into 2022 with a 46% increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31% from 2H2021 to 1H2022.
  • The new TP240 PhoneHome reflection/amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4,293,967,296:1; swift actions eradicated the abusable nature of this service.
  • Malware botnet proliferation grew at an alarming rate, with 21,226 nodes tracked in the first quarter to 488,381 nodes in the second, resulting in more direct-path, application-layer attacks.

Geopolitical Unrest Spawns Increased DDoS Attacks
As Russian ground troops entered Ukraine in late February, there was a significant uptick in DDoS attacks targeting governmental departments, online media organizations, financial firms, hosting providers, and cryptocurrency-related firms, as previously documented. However, the ripple effect resulting from the war had a dramatic impact on DDoS attacks in other countries too, including:

  • Ireland experienced a surge in attacks after providing service to Ukrainian organizations.
  • India experienced a measurable increase in DDoS attacks following its abstention from the UN Security Council and General Assembly votes condemning Russia's actions in Ukraine.
  • On the same day, Taiwan endured its single-highest number of DDoS attacks after making public statements supporting Ukraine, as with Belize.
  • Finland experienced a 258% increase in DDoS attacks year-over-year, coinciding with its announcement to apply for NATO membership.
  • Poland, Romania, Lithuania, and Norway were targeted by DDoS attacks linked to Killnet; a group of online attackers aligned with Russia.
  • While the frequency and severity of DDoS attacks in North America remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure.
  • Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period.

Similarly, as tensions between Taiwan, China, and Hong Kong escalated in 1H2022, DDoS attacks against Taiwan regularly occurred in concert with related public events.

NETSCOUT's DDoS Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data captured from NETSCOUT's ATLAS and expert insights from ASERT.

The visibility and insights compiled from the global DDOS attack data, represented in the DDoS Threat Intelligence Report, and seen in the Omnis Threat Horizon portal, fuel the ATLAS Intelligence Feed (AIF). In addition, AIF continuously arms NETSCOUT's Omnis and Arbor security portfolio enabling them to automatically detect and block threat activity for enterprises and service providers worldwide.

Visit our interactive website for more information on NETSCOUT's semi-annual DDoS Threat Intelligence Report. You can also find us on Facebook, LinkedIn , and Twitter for threat updates and the latest trends and insights.

About NETSCOUT
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) protects the connected world from cyberattacks and performance disruptions through advanced network detection and response and pervasive network visibility. Powered by our pioneering deep packet inspection at scale, we serve the world's largest enterprises, service providers, and public sector organizations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, Twitter, or Facebook.

©2022 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, nGeniusONE, and Omnis are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Editorial Contacts:

Maribel Lopez
Manager, Marketing & Corporate Communications
+1 781 362 4330
maribel.lopez@netscout.com

Chris Shattuck
Finn Partners for NETSCOUT
+1 678 504 6785
NETSCOUT-US@FinnPartners.com

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

KATE Launches "KABUKE: Break Convention" Kabuki-Inspired International Campaign17.7.2026 10:00:00 EEST | Press release

Global cosmetics brand KATE launched “KABUKE: Break Convention,” a new international campaign drawing on elements of Kabuki, the traditional Japanese performing art. The campaign debuted on Wednesday, July 8, 2026. In this campaign, KATE’s shadow enhancing makeup—rooted in Japanese aesthetics—was paired with the Kabuki spirit inherited from traditional Kabuki theater to communicate the value of individuality and self‑expression through makeup on a global scale. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708829427/en/ KATE international campaign “KABUKE: Break Convention” key visual. Dedicated website: https://www.kate-global.net/my/special/kate_kabuki/ Since its founding, KATE has championed the slogan “NO MORE RULES.,” offering makeup that defies convention and empowers individuals to express their identity and bring out confidence. At the heart of this vision is the brand’s signature shadow enhancing makeup approach

Yoshihiro Shimamura Joins the Marché du Film’s “Investors Circle 2026” as an Invited Investor, Backing a New Feature Film17.7.2026 04:00:00 EEST | Press release

Shimamura Yoshihiro Film Production Co., Ltd. (Head office: Osaka, Japan; Representative Director: Yoshihiro Shimamura), a company active in film production and investment, today announced that Representative Director Yoshihiro Shimamura has decided to invest in an international feature film after being invited to the “Investors Circle 2026” — a distinction that reflects his standing as one of the field’s most highly regarded producers and investors. Hosted by the Marché du Film, the business arm of the Festival de Cannes and one of the world’s largest film markets, the Investors Circle is an invitation-only summit that connects a select group of private investors with high-end feature films during early-stage financing. Held in Cannes, France, May 16-17, 2026, it brings internationally acclaimed directors and producers together with investors around a curated slate of projects in development. During the summit, Shimamura attended private pitching sessions and, after individual meeting

Meiji Seika Pharma: Results from the Global Phase III Trial (Integral-2) of Nacubactam, a Novel β-Lactamase Inhibitor, Highlighted in The Lancet Microbe ’s Coverage of ESCMID Global Congress 202617.7.2026 04:00:00 EEST | Press release

Meiji Seika Pharma Co., Ltd. (Headquarters: Tokyo, President and Representative Director: Toshiaki Nagasato) today announced that results from the global Phase III trial (Integral-2) of nacubactam (Development Code: OP0595), a novel β-lactamase inhibitor, were highlighted in The Lancet Microbe’s coverage of ESCMID Global Congress 2026 (held in Munich, Germany). As highlighted in The Lancet Microbe’s coverage, the key findings presented by Meiji Seika Pharma at ESCMID Global Congress 2026 are as follows: The Integral-2 study (jRCT2031230076) is a global Phase III clinical trial that enrolled patients with complicated urinary tract infections, acute uncomplicated pyelonephritis, hospital-acquired bacterial pneumonia, ventilator-associated bacterial pneumonia, or complicated intra-abdominal infections caused by carbapenem-resistant Gram-negative bacteria (excluding Acinetobacter species). The study has achieved the prespecified study objectives. For the primary endpoint of overall treatme

Takeda’s Zasocitinib Demonstrates Consistent, High Rates of Skin Clearance Across the Body, Including Hard-to-Treat and High-Impact Sites, in Phase 3 Psoriasis Studies17.7.2026 01:00:00 EEST | Press release

Takeda (TSE:4502/NYSE:TAK) announced new data from the two pivotal Phase 3 studies of zasocitinib (TAK-279), a next-generation, highly selective and potent oral tyrosine kinase 2 (TYK2) inhibitor, in adults with moderate-to-severe plaque psoriasis (PsO).1 Presented at the 2026 American Academy of Dermatology (AAD) Innovation Academy, these secondary endpoint data show that zasocitinib demonstrated consistent and high rates of skin clearance across hard-to-treat, high-impact sites, including the scalp, nails, palms and soles, compared with placebo.1-5 These data build on the topline results from the Phase 3 randomized, multicenter, double-blind, placebo- and active comparator-controlled LATITUDE PsO 3001 and 3002 studies.2,6 In those studies, about 70% of patients treated with zasocitinib achieved static Physician Global Assessment (sPGA) 0/1 (clear or almost clear skin) at week 16, with a significantly greater Psoriasis Area and Severity Index (PASI) 75 response rate seen as early as w

Merz Completes Inaugural €450 Million Schuldschein Loan Issuance17.7.2026 00:36:00 EEST | Press release

The Merz Group has successfully completed its first-ever Schuldschein loan issuance, placing a total volume of €450 million in the debt capital market – a multiple of three relating to the launch volume. The debut transaction was significantly oversubscribed and attracted strong interest from all investor groups. The proceeds were settled and paid out today. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716926041/en/ Dr. Almuth Steinkühler, Chief Financial Officer Merz Group The transaction comprises both fixed- and floating-rate tranches with maturities of three, five, seven, and ten years. Around 50 German and international investors participated, representing a broad range of institutions, including private banks, German federal state-owned banks, public savings banks, cooperative banks, pension funds and occupational pension institutions. With the successful placement, Merz has further diversified its funding base by

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye