NETSCOUT recently released its semi-annual Threat Intelligence Report with deep insights into the notably distributed denial-of-service (DDoS) and cyber activity during the second half of 2021. The report contains troves of valuable information about the ongoing threat posed to organizations across the public and private sectors, including government agencies and other public sector organizations.
As always, this latest edition of the report is chock-full of DDoS attack statistics, trends, and insights from the elite NETSCOUT ATLAS Security Engineering and Research Team (ASERT). And the data from this most recent report tells a simple and somewhat frightening story; DDoS attacks continue to be a major threat and are becoming more sophisticated.
While there are numerous, useful findings and insights into the current threat landscape included in the report, there are seven findings that truly stand out and that every cybersecurity professional should be aware of. Each raises a significant concern and should be part of any discussion around how to bolster the cybersecurity posture of organizations across the public sector.
Here are what we consider the seven most imperative findings from the latest Threat Intelligence Report.
- DDoS attacks continued to exceed pre-pandemic levels. During the second half of 2021, cybercriminals launched approximately 4.4 million DDoS attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million. These attacks represent a 3 percent decrease from the record number set during the height of the pandemic but continue at a pace that’s 14 percent above pre-pandemic levels.
- DDoS extortion and ransomware operations increased. Three high-profile DDoS extortion campaigns simultaneously operating worldwide is a new high. Ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt were observed using DDoS to extort victims. The number of triple extortion attacks consisting of DDoS, data theft, and ransomware also increased in 2021.
- VoIP services were targets of DDoS extortion. Worldwide DDoS extortion attack campaigns from the REvil copycat were waged against several Voice over Internet Protocol (VoIP) services providers, costing millions of dollars of damage.
- DDoS-for-hire services made attacks easy to launch. NETSCOUT ASERT examined 19 DDoS-for-hire services and their capabilities that eliminate the technical requirements and cost (e.g., some are free) of launching massive DDoS attacks.
- Server-class botnet armies arrived. Cybercriminals have not only increased the number of Internet of Things (IoT) botnets but also have conscripted high-powered servers and high-capacity network devices, as seen with the GitMirai, Meris, and Dvinis botnets.
- Direct-path attacks are gaining in popularity. Adversaries inundated organizations with TCP- and UDP-based floods, otherwise known as direct-path or non-spoofed attacks.
- Attackers targeted select industries. Those hardest hit include software publishers (606% increase); insurance agencies and brokers (257% increase); computer manufacturers (162% increase); and colleges, universities, and professional schools (102% increase).
With DDoS activity increasing, government cybersecurity professionals and cyber warriors need to have an understanding of DDoS attack trends and bad-actor tactics, techniques, and procedures. This level of understanding and knowledge is essential for preparing an adequate cyber defense. This knowledge is particularly important now amid the Russian-Ukrainian conflict when DDoS attacks are being leveraged as a form of geopolitical protest and cyberwarfare.
Find the report, explore a real-time and historical view of global DDoS attack activity, and view additional resources on the NETSCOUT Omnis Threat Horizon portal.