Direct-Path Attacks now make up half of all DDoS attacks: Are you ready for the new DDoS threat landscape?

NETSCOUT SYSTEMS, INC., one of the leading providers of performance management, cybersecurity, and DDoS protection solutions, announced findings from its 5th Anniversary DDoS Threat Intelligence Report that point to a new era of multi-vector attacks focused on taking down victims using application-layer and botnet-based, direct-path attacks.

Attack frequency has increased tenfold since NETSCOUT’s first report in 2005. With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the biggest surge in the second half of 2022. Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites.

How to protect your firm from the DDoS threat landscape

The latest NETSCOUT DDoS Threat Intelligence Report paints a sobering picture of the DDoS landscape. So, what can firms do to protect themselves? Here are some actionable insights:

Be proactive, not reactive

As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” Don’t wait until you’re under attack to put a plan in place. Develop a DDoS protection strategy that includes regular risk assessments, monitoring, and incident response plans. This approach can help you identify and mitigate potential threats before they become critical issues.

Invest in the right tools

Having the right tools is essential in protecting your business from DDoS attacks. This includes both on-premises and cloud-based solutions that can detect and mitigate attacks quickly. Additionally, investing in advanced threat intelligence tools, such as those that use machine learning and artificial intelligence (AI), can help you stay ahead of evolving threats.

Richard Hummel, threat intelligence lead at NETSCOUT

“DDoS attacks threaten firms and challenge their ability to deliver critical services. With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, firms need a strategy that can adapt to the dynamic nature of the DDoS threat landscape,” said Richard Hummel, threat intelligence lead, NETSCOUT.

Test your defenses

Just like a sports team that practices regularly to stay in shape, testing your defenses regularly can help you identify vulnerabilities and weaknesses. Conduct regular simulations of DDoS attacks to test your defenses and identify areas that need improvement.

Don’t neglect your people

While technology is essential, your people are your first line of defense against DDoS attacks. Educate your employees on the dangers of DDoS attacks, including how to identify and report potential threats. Implement regular training and awareness programs to ensure everyone in your organization is up-to-date on the latest threats and best practices.

Monitor your KPIs

In today’s evolving threat landscape, it is essential to track your Key Performance Indicators (KPIs) to measure the effectiveness of your DDoS protection strategy. This includes metrics such as response time, detection rate, and mitigation rate. Monitor these metrics regularly to identify areas that need improvement and adjust your strategy accordingly.

Remember the words of Jon Snow from Game of Thrones: “Winter is coming.” The DDoS threat landscape is ever-evolving, so it’s vital to be prepared for whatever comes your way.

What else did NETSCOUT’s latest report reveal?

Additional highlights from NETSCOUT’s findings include:

  • Peak DDoS alert traffic in a single day reached as high as 436 petabits and more than 75 trillion packets. Service providers rigorously scrubbed a large percentage of this traffic, while enterprises eliminated an additional daily aggregate average of 345 terabytes of unwanted traffic.
  • Direct-path attacks have increased by 18% over the past three years, while traditional reflection/amplification attacks decreased by nearly the same, highlighting the need for a hybrid defense approach to weather the fluctuating attack methodology.
  • The U.S. national security sector experienced a massive 16,815% increase in attacks related to the pro-Russia Killnet group, including a spike in attacks after President Biden’s public remarks at the G7 Summit and another spike the same day the French and U.S. presidents re-affirmed their support for Ukraine.
  • NETSCOUT ASERT analysts tracked over 1.35 million bots from malware families like Mirai, Meris, and Dvinis in 2022, with enterprises receiving over 350,000 security-related alerts with botnet involvement. By contrast, service providers received approximately 60,000 alerts where bots were present.
  • Carpet-bombing attacks, a technique that simultaneously targets entire IP address ranges, increased by 110% from the first to the second half of 2022, with most attacks against ISP networks.
  • A barrage of DDoS attacks hammered EMEA’s optical instrument and lens manufacturing sector, resulting in a 14,137% increase, mainly against one major distributor with over 6,000 attacks over four months.
  • DDoS attacks on the wireless telecommunications industry have grown 79% since 2020, primarily due to the increase in 5G wireless to the home. It accounts for 20% of all DDoS attacks for a specific industry, second only to wired telecommunications carriers.

NETSCOUT’s report covers the latest trends and activities in the DDoS threat landscape. It incorporates data from NETSCOUT’s ATLAS – part of the company’s Visibility Without Borders approach – along with expert insights from ASERT, NETSCOUT’s security research team.

ATLAS was built over two decades through work with over 500 Internet Service Providers (ISPs) to create a sensor network that provides visibility into over 400 Tbps of international transit every second of every day. As a result, ATLAS collects DDoS attack statistics from an average of 93 countries daily, encompassing over 50% of the world’s internet traffic.

Visit the website for more on NETSCOUT’s semi-annual DDoS Threat Intelligence Report.

Gerald Ainomugisha is a freelance Content Solutions Provider (CSP) offering both content and copy writing services for businesses of all kinds, especially in the niches of management, marketing and technology.