Cybercriminals get better at bypassing defenses

Cybercriminals have become more adept at bypassing defenses with new DDoS attack vectors and successful methodologies, according to the latest DDoS Threat Intelligence Report from NETSCOUT.

The report is based on intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). It finds there were over six million DDoS attacks in the first half of 2022, with TCP-based flood attacks (SYN, ACK, RST) still the most used attack vector, accounting for around 46 percent.

DNS 'water-torture' attacks accelerated into 2022 with a 46 percent increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31 percent from the same period last year.

There has been massive growth in malware botnets too, with 21,226 nodes tracked in the first quarter compared to 488,381 nodes in the second. This has resulted in more direct-path, application-layer attacks.

"By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies," says Richard Hummel, threat intelligence lead at NETSCOUT. "In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications."

There have also been more geopolitical attacks, mainly focusing on the war in Ukraine. Ireland experienced a surge in attacks after providing service to Ukrainian organizations, and Finland experienced a 258 percent increase in DDoS attacks year-on-year, coinciding with its announcement that it would apply for NATO membership.

While the frequency and severity of DDoS attacks in North America have remained relatively consistent, satellite telecommunications providers experienced an increase in high-impact DDoS attacks, especially after providing support for Ukraine's communications infrastructure. Russia, meanwhile, experienced a nearly threefold increase in daily DDoS attacks after the conflict with Ukraine began, an increase that continued through the end of the reporting period.

The full report is available from the NETSCOUT site.
