NETSCOUT detected almost 7.9 million DDoS attacks in the first half of 2023


NETSCOUT released a report on DDoS attacks for the 1st half of 2023. During this period, cybercriminals carried out approximately 7.9 million Distributed Denial of Service (DDoS) attacks, which is 31% more than in the first half of last year. 

Geopolitically driven DDoS attacks

According to the vendor, the increase in the number of DDoS attacks is primarily caused by global events, such as the war in Ukraine as well as Sweden and Finland's NATO membership initiatives.
In the first half of 2023, 762 cyber incidents were recorded, which is twice as many as in the same period last year. Finland was targeted by pro-Russian hacktivists in 2022 during its NATO application process. Turkey and Hungary opposed Finland's membership in the Alliance, and as a result, they also became targets of DDoS attacks. Sweden had a similar experience, also after applying for NATO membership. The situation culminated in a 500 Gbps DDoS attack in May. In general, ideologically driven DDoS attacks have been directed against the United States, Ukraine, Finland, Sweden, Russia, and many other countries.

Changing priorities and hacker approaches to implementing attacks

In the second half of 2022, NETSCOUT recorded a 79% increase in DDoS attacks on wireless telecommunications providers worldwide. This trend continued among wireless providers in Asia Pacific in H1 2023, when the number of attacks increased by 294%. According to NETSCOUT, this is due to many broadband gaming users switching to 5G fixed wireless access as providers roll out their networks.
NETSCOUT gathers threat intelligence from its ATLAS sensor network. Built over decades of work with hundreds of ISPs around the world, it identifies trends based on an average of 424 Tbps of peer-to-peer Internet traffic, a 5.7% increase over 2022. Since 2019, the company has seen a nearly 500% increase in HTTP/S application layer attacks and a 17% increase in DNS reflection/amplification in the first half of 2023.
“While global events and the expansion of 5G networks have led to an increase in DDoS attacks, attackers continue to evolve their approaches to be more dynamic, using dedicated infrastructure such as bulletproof hosts or proxy networks to launch attacks,” said Richard Hummel, senior director of threat intelligence at NETSCOUT. “The lifecycle of DDoS attack vectors demonstrates the attackers' persistence in finding and exploiting new methods, while DNS waterboarding and carpet bombing have become more common.”

Other key findings from the NETSCOUT 1H2023 DDoS Threat Intelligence Report

Carpet-bombing attacks increased by 55%, to more than 724 attacks per day. These attacks cause significant damage to the global Internet, spreading to hundreds or even thousands of hosts simultaneously. This tactic often avoids triggering bandwidth threshold alerts, making it difficult to resolve the consequences of a DDoS attack in a timely manner.
DNS water-torture attacks are becoming common. Since the beginning of the year, the number of daily DNS water-torture attacks has increased by almost 353%. The five most commonly targeted industries include wired and wireless communications, data hosting, e-commerce and mail order companies, as well as insurance and brokerage companies.
Educational institutions and government resources are disproportionately targeted. Attackers create their own or use various types of malicious infrastructure as platforms for launching attacks. For example, open proxy servers have been consistently used for HTTP/S application-level DDoS attacks against targets in the higher education and public administration sectors. At the same time, DDoS botnets were frequently used to attack state and local governments.
Sources of DDoS attacks are constant. A relatively small number of nodes are involved in a disproportionate number of DDoS attacks, with an average IP churn rate of only 10%, as attackers tend to reuse infrastructure for attacks. Although these nodes are persistent, their impact fluctuates as attackers change the list of available infrastructure every few days.
Visit the NETSCOUT Cyber Threat Horizon to get real-time DDoS attack statistics, maps, and analytics.  
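
The carpet-bombing finding above notes that traffic spread over many hosts often stays under bandwidth threshold alerts. The following is an added example, not taken from the NETSCOUT report: it compares a per-host threshold with a per-prefix aggregate check over one measurement interval. The thresholds, the /24 grouping, the function names and the sample data are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

HOST_BPS_LIMIT = 500e6     # assumed per-host alert threshold (bits/s)
PREFIX_BPS_LIMIT = 5e9     # assumed per-prefix aggregate threshold (bits/s)
MIN_HOSTS = 50             # assumed minimum spread to call it carpet bombing


def analyse(samples, prefix_len=24):
    """samples: iterable of (dst_ip, bits_per_second) for one interval.

    Returns (host_alerts, carpet_alerts)."""
    per_host = defaultdict(float)
    for ip, bps in samples:
        per_host[ip] += bps

    # Group destination hosts by their covering prefix.
    per_prefix = defaultdict(dict)
    for ip, bps in per_host.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_prefix[net][ip] = bps

    # Classic detection: one destination exceeds its own threshold.
    host_alerts = sorted(ip for ip, bps in per_host.items() if bps > HOST_BPS_LIMIT)

    # Carpet bombing: every host is under its threshold, but the prefix
    # as a whole is saturated and the traffic is spread over many hosts.
    carpet_alerts = []
    for net, hosts in per_prefix.items():
        total = sum(hosts.values())
        if (total > PREFIX_BPS_LIMIT and len(hosts) >= MIN_HOSTS
                and max(hosts.values()) <= HOST_BPS_LIMIT):
            carpet_alerts.append((str(net), len(hosts), total))
    return host_alerts, carpet_alerts


def constructed_samples():
    """Constructed data using documentation address ranges."""
    s = [(f"203.0.113.{i}", 40e6) for i in range(1, 201)]   # 200 hosts x 40 Mbps
    s += [(f"198.51.100.{i}", 20e6) for i in range(1, 6)]   # ordinary traffic
    s.append(("192.0.2.10", 900e6))                          # single-host flood
    return s


if __name__ == "__main__":
    hosts, carpets = analyse(constructed_samples())
    print("per-host alerts:", hosts)
    for net, n, total in carpets:
        print(f"carpet bombing suspected: {net} hosts={n} total={total/1e9:.1f} Gbps")
```

In the constructed data the 8 Gbps aimed at 203.0.113.0/24 raises no per-host alert, because each of the 200 addresses receives only 40 Mbps; only the prefix-level check flags it.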
