United States of America
2020 was mostly about more: more frequent, faster, and more complex attacks. There was one big exception, however: attack duration, which dropped more than 50 percent globally. Attacks were also more complex, as 15-plus vector attacks spiked 126 percent in popularity year over year. This adds up to some bad math for defenders: shorter duration + increased complexity = less time to respond to increasingly difficult mitigation scenarios. This attack strategy will likely continue, further highlighting the vital role of advanced and automated DDoS technology.
Impact Analysis
We wanted to understand how much traffic traversing US infrastructure is due solely to DDoS attacks. To find out, we created the DDoS Attack Coefficient (DAC). DAC represents the total sum of DDoS traffic traversing any given region or country in one minute. This allows us to identify the DDoS attack traffic observed by NETSCOUT traveling in and out of the country for the past six months at any point in time. Here, you can clearly see the massive jump in both bandwidth and throughput during March, the height of the pandemic lockdown.
DDoS Statistics
Attack frequency: 13%
Max throughput: 23%
Average duration: 21%

Largest Attack
Size: 427.5 Gbps
Speed: 36.1 Mpps
Duration: 892 sec
Attack types: TCP ACK, TCP SYN/ACK

Attacks by Vector
Max number of vectors seen in a single attack: 24
This number has been steadily increasing since 2017.

Top Five Vectors

| Vector | # of Attacks |
|---|---|
| TCP SYN | 245,842 |
| TCP ACK | 209,394 |
| TCP RST | 197,197 |
| DNS Amplification | 178,724 |
| ICMP | 171,851 |
Key Metrics from the 1H 2020 NETSCOUT Threat Intelligence Report
The DDoS Chronicles
[Figure: US, January to June. Panels: Bandwidth Impact Percentage Change (Gbps); Throughput Impact Percentage Change (Mpps).]
The Big Picture
Explore the full 1H 2020 NETSCOUT Threat Intelligence Report to find the latest research into trends and activities across the global DDoS threat landscape.
© 2020 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, and the NETSCOUT logo are registered trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners.
SECR_015_EN-2001 09/2020
Top Ten Vertical Industries Under Attack
The following industry chart shows the most targeted sectors in 2020 by number of attacks compared to 1H 2019.

| Rank | Vertical | Frequency | Max Attack | Max Impact | Average Duration |
|---|---|---|---|---|---|
| 1 | Telecommunications | 206,998 (12%) | 232.7 Gbps (14%) | 61.6 Mpps (55%) | 4014.1 sec (57%) |
| 2 | Data Processing, Hosting + Related Services | 135,770 (11%) | 174.8 Gbps (0%) | 64.6 Mpps (66%) | 2836.0 sec (0%) |
| 3 | Professional, Scientific + Technical Services | 55,362 (6%) | 79.7 Gbps (71%) | 29.0 Mpps (91%) | 5818.2 sec (53%) |
| 4 | Publishing Industries (except Internet) | 50,955 (10%) | 113.2 Gbps (44%) | 10.6 Mpps (88%) | 2872.4 sec (8%) |
| 5 | Nonstore Retailers | 41,940 (20%) | 114.7 Gbps (44%) | 18.8 Mpps (50%) | 4340.9 sec (35%) |
| 6 | Educational Services | 24,348 (13%) | 44.4 Gbps (17%) | 8.2 Mpps (36%) | 3326.8 sec (68%) |
| 7 | Computer + Electronic Product Manufacturing | 26,401 (25%) | 63.2 Gbps (83%) | 22.9 Mpps (39%) | 3452.1 sec (28%) |
| 8 | Executive, Legislative + Other General Government Support | 8,981 (10%) | 47.8 Gbps (10%) | 6.5 Mpps (50%) | 6153.2 sec (185%) |
| 9 | Finance + Insurance | 3,005 (24%) | 40.2 Gbps (14%) | 8.0 Mpps (45%) | 2432.0 sec (19%) |
| 10 | Ambulatory Health Care Services | 2,697 (7%) | 36.4 Gbps (76%) | 7.3 Mpps (96%) | 2175.2 sec (5%) |

IoT
TOP FIVE EXPLOITS

| Path | Exploit Name | EDB-ID |
|---|---|---|
| /ws/v1/cluster/apps | Hadoop YARN ResourceManager | 45025 |
| /ctrlt/DeviceUpgrade_1 | Huawei Router | 45991 |
| /picsdesc.xml | Realtek SDK — Miniigd UPnP SOAP | 37169 |
| /cgi-bin/ViewLog.asp | TrueOnline-ZyXEL-Billion Routers | 43884 |
| /login.cgi | Multiple Devices — Remote code execution | ----- |

TOP FIVE USERNAME + PASSWORD COMBINATIONS
root/xc3511
admin/admin
guest/12345
root/vizxv
guest/guest
Chart values: 2,187; 2,489; 2,721; 3,058; 3,759