Bad actors innovate, extort and launch 9.7m DDoS attacks in 2021

Richard Hummel, Threat Intelligence Lead, NETSCOUT

NETSCOUT Systems, Inc., announced findings from its bi-annual Threat Intelligence Report. During the second half of 2021, cybercriminals launched about 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total of DDoS attacks in 2021 to 9.75 million.

These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.

NETSCOUT reports a rise in threat actors

The report shows how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path attacks, creating sophisticated operating procedures for attackers and adding new tactics and methods to their arsenals.

“While it may be tempting to look at the decrease in overall attacks as threat actors scaling back their efforts, we saw significantly higher activity compared to pre-pandemic levels,” said Richard Hummel, threat intelligence lead, NETSCOUT.

“The reality is that attackers are constantly innovating and adapting new techniques, including the use of server-class botnets, DDoS-for-Hire services, and increased used direct-path attacks that continually perpetuate the advancement of the threat landscape.”

Key findings from NETSCOUT’s Report

Other key findings from the NETSCOUT 2H2021 Threat Intelligence Report include:

DDoS Extortion and ransomware on the rise

Three high-profile DDoS extortion campaigns simultaneously operating is a new high. Ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt were observed using DDoS to extort victims. Because of their success, groups have DDoS extortion operators masquerading as affiliates like the recent REvil DDoS Extortion campaign.

VOIP Services were Targets of DDoS Extortion

Global DDoS extortion attack campaigns from the REvil copycat were waged against several VOIP services providers. One VOIP service provider reported $9M-$12M in revenue loss.

DDoS-for-Hire services made attacks easy to launch

NETSCOUT examined 19 DDoS-for-Hire services that eliminate the technical requirements and cost of launching massive DDoS attacks. They offer over 200 different attack types.

APAC attacks increased by 7% as other regions subsided

Amid ongoing geopolitical tensions in China, Hong Kong, and Taiwan, the Asia-Pacific region saw the most significant increase in attacks year over year compared to other regions.

Server-class botnet armies arrived

Cybercriminals have not only increased the number of IoT botnets but have conscripted high-powered servers and high-capacity devices, like the GitMirai, Meris, and Dvinis botnets.

Direct-path attacks are gaining in popularity

Adversaries inundated firms with TCP- and UDP-based floods, known as non-spoofed attacks. A decrease in some amplification attacks drove down the number of total attacks.

Attackers targeted select industries

The NETSCOUT report shows those hardest hit include software publishers (606% increase), insurance agencies and brokers (257% increase), computer manufacturers (162% increase), and colleges, universities, and professional schools (102% increase)

The fastest DDoS attack recorded a 107% year-over-year increase

Using DNS, DNS amplification, ICMP, TCP, ACK, TCP RST, and TCP SYN vectors, the multi-vector attack against a target in Russia recorded 453 Mpps.

NETSCOUT’s Threat Intelligence Report covers the latest trends in the DDoS threat landscape. It covers data captured from NETSCOUT’s Active Level Threat Analysis System (ATLAS™) coupled with insights from NETSCOUT’s ATLAS Security Engineering & Response Team.

The visibility and insights compiled from the global DDOS attack data, which is represented in the Threat Intelligence Report and can be seen in the Omnis Threat Horizon portal, fuel the ATLAS Intelligence Feed used across NETSCOUT’s Omnis security portfolio to detect and block threat activity for enterprises and service providers worldwide.

Visit our website for more information on NETSCOUT’s semi-annual Threat Intelligence Report. You can also find us on FacebookLinkedIn, and Twitter for threat updates.