NETSCOUT Threat Intelligence saw 8.4 million Distributed Denial of Service (DDoS) attacks last year alone: 23,000 attacks per day, 16 every minute.

DDoS attacks have grown in frequency each year for the past five years, while attackers continue to unleash increasingly sophisticated attacks, says Richard Hummel, Threat Intelligence Manager, NETSCOUT. 

NETSCOUT, in its Threat Intelligence Report, found customer-facing services and applications were targets of DDoS attacks at two-thirds of enterprises. Customers can act as conduits for attacks: adversaries deployed a novel technique that used attacks on client services to access core services at well-protected targets. APT groups are bumping up mobile malware use, while DDoS attacks on mobile networks jumped 64 percent in the second half of 2019. Cyber criminals widely weaponized seven new or increasingly popular DDoS attack vectors in 2019 while adding new techniques to existing methods.

Additional findings include:

  1. New Methods Pump Up Attacks, Bypass Traditional Defenses: Attackers not only combined attack vectors but also made them stronger than the sum of their parts by combining TCP reflection/amplification attacks with carpet-bombing techniques. Meanwhile, adversaries using advanced reconnaissance discovered how to use the client services of well-protected targets like Internet Service Providers (ISP) or financial institutions to amplify attacks against specific enterprises and network operators.
  2. ISPs and Satellite Telecom Pay the Price: Carpet-bombing tactics are reflected in the increased attack activity seen in vertical sectors such as satellite telecommunications, which sustained a 295 percent increase in attack frequency. This is likely a reflection of carpet-bombing attacks on financial institutions in countries across Europe and Asia Minor, in which satellite telecom companies experienced significant collateral damages. 
  3. Mobile Networks, Devices in Attacker Crosshairs: Wireless telecommunications companies experienced a 64 percent increase in DDoS attack frequency year over year. This likely reflects the increased tendency of gamers in many Asian countries to use their phone service as wireless hotspots, as well as the increased popularity of gaming on mobile devices with 4G and LTE connectivity. As gaming continues to be a prime motivation for DDoS attacks, adversaries naturally follow their targets, further leading to the growth in attacks. Meanwhile, APT groups are increasingly using mobile malware— including commercially available apps — to infiltrate international targets as well as monitor internal dissidents and protesters. 
  4. IoT = Intensification of Threats: Botmasters eagerly await the 20.4 billion IoT devices forecast to connect to the internet in 2020, with an ever-growing selection of malware strains to choose from. From 2018 to 2019, we saw a 57 percent increase in Mirai-based variants targeting 17 system architectures. ASERT honeypots reflect this growth with an 87 percent increase in the number of exploit attempts during the latter half of 2019.
  5. WISR Survey Highlights IoT, Cloud Risk: Survey data from the 15th Worldwide Infrastructure Security Report (WISR) shows that infected and compromised endpoint IoT devices are a top concern for enterprises, along with detection/ identification of IoT devices on their networks, software patching and maintenance of IoT devices, and compliance risks posed by IoT. The survey also showed a dramatic increase in DDoS attacks on publicly exposed service infrastructure, reported by 52 percent of service providers in 2019 compared with only 38 percent in the previous year.

“We’ve uncovered some disturbing statistics,” stated Hardik Modi, AVP, engineering, threat and mitigation products, NETSCOUT. “By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet.”