Attackers are innovating and impacting networks around the world, according to our latest DDoS Threat Intelligence Report

If there’s one consistent quality shared by all cybercriminals, it’s that they never fail to innovate to get what they want, whether that’s to spy, spread mayhem, or access sensitive corporate data, personal information, or lucrative financial details. This certainly holds true for our findings in the newest DDoS Threat Intelligence Report, which launches September 27, 2022.

As we discussed in a previous blog, we have changed the formatting of the report to make the data more accessible and reader-friendly, essentially breaking it into eight vignettes that cover geographical findings as well as several troubling trends. In addition to data for four geographical regions, namely North America, Latin America, Asia Pacific (APAC), and Europe, Middle East, and Africa (EMEA), the following new sections cover a number of attack trends.

Adversaries Evolve and Innovate Attack Methods and Vectors

Bad actors never stop adapting their strategies for launching successful distributed denial-of-service (DDoS) attacks, which becomes clear by examining three specific types of attacks: DNS water torture, which experienced a 46% increase since 2H 2021; carpet-bombing, which increased after a slight decrease last year; and TCP-based attacks, which dominated the DDoS vector charts. These trends bring into stark relief the need for organizations to adapt thinking, understanding, and defenses to combat DDoS.

Adaptive DDoS Attacks and Learning How to Suppress Them

An adaptive DDoS attack starts when threat actors use advanced reconnaissance to identify target networks. They follow this with continuous efficacy monitoring before quickly changing vectors to counter mitigation. Attackers then use topologically adjacent infrastructure for continuous innovation and vector weaponization.
Traditional DDoS defenses have protected internet properties by using detection, classification, traceback, and mitigation technologies for inbound network traffic. However, this approach hasn’t addressed outbound or cross-bound DDoS that uses compromised workstations, Internet of Things (IoT) devices, and high-capacity servers, all of which are being subsumed into botnets and used by adversaries to launch DDoS attacks. It’s vital to understand this strategy and how to suppress this increasingly damaging behavior.

War, Religion, and Politics: The New Battleground for DDoS

Although adversaries never need a new reason to launch attacks, the sociopolitical landscape during the first six months of 2022 provided them with plenty of fodder. Our data shows bad actors targeted countries, governments, companies, communities of interest, and individuals in response to issues related to war, politics, religion, sports, and even entertainment events. In fact, the majority of high-profile DDoS attack campaigns in the first six months of the year correspond with national or regional conflicts that have generated worldwide reactions. The Russia/Ukraine conflict provided ample evidence of this troubling behavior, with attackers targeting those countries and the organizations within them, as well as countries that showed solidarity with either side.

Botnets Multiply and Level Up

We continue to see innovation utilizing botnets, which are groups of malware-infected computing systems known as bots. In fact, our findings indicate a disturbing increase in the use of botnets as adversaries innovate and scale them for greater size and effectiveness. We are now tracking more than 400,000 high-confidence botted nodes, with threat actors increasingly utilizing direct-path attacks sourced from botnets to launch application-layer attacks. In the first half of the year, there was an 11% increase from 2H 2021 in direct-path attacks, almost all of which is attributable to botnet innovation.
Learn more about how attackers are innovating and impacting networks around the world in the upcoming DDoS Threat Intelligence Report, due to be available September 27. Meanwhile, check out our real time DDoS attack map.