Responding quickly to attacks that hit the network edge or an Internet-facing service is imperative and changing defenses rapidly to adapt to subtle changes onsite is crucial. Credit: NETSCOUT My personal and professional objectives, like those of many other people, are centered around improving on how I get things done. Or, more importantly, about how to do things more efficiently. One of my favorite things to watch on the attention-sucking platform of TikTok or YouTube Shorts are life hacks. Life hacks are supposed to make tasks easier or more efficient to accomplish but, in many cases are simply more complicated.This passion to improve how things are done more efficiently is not isolated to individuals; it spills over into all aspects of our community, including government, retail, service organizations, and the like. And although many of these attempts to be more efficient may help other people, there are also people out there striving to be more efficient in malicious activities.The Bad Guys Want It TooThe bad actors in the distributed denial-of-service (DDoS) world are those people. The bad guys may be motivated by money, competition, or simply power within their specific community. The truth is, they will change their tactics, as we do, to make their actions more efficient, but in most cases, for much different and nefarious reasons.The findings in the latest NETSCOUT DDoS Threat Intelligence Report demonstrate how sophisticated cybercriminals have become more efficient at bypassing defenses with new DDoS attack vectors and successful methodologies. NETSCOUT“By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies,” says Richard Hummel, threat intelligence lead at NETSCOUT. “In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised new attack vectors, created a tsunami of TCP flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications.”TCP Flood Attacks Are Again the Most Popular Vector for DDoS AttackersNETSCOUT’s Active Threat Level Analysis System (ATLAS) compiles DDoS attack statistics from most of the world’s ISPs, large data centers, and government and enterprise networks. This data represents intelligence on attacks occurring in more than 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) analyzes and curates this data to provide unique insights in its biannual report.One key finding that continues a trend that started in early 2021: TCP-based flood attacks (SYN, ACK, RST) remain the most-used attack vector, comprising approximately 46% of all attacks (see Figure 1).Figure 1: Top DDoS attack vectors during the first half of 2022. NETSCOUTState exhaustion attacks target stateful devices that are an integral part of the security stack, such as firewalls and VPN concentrators. These targets are attractive because the attacks can be smaller in size and designed to evade defenses meant for other threats.Figure 2: State flood attacks trend upward. NETSCOUTWhy You Need a Hybrid Defense StrategySo how do you prevent and stop DDoS attacks or, specifically TCP flood attacks? The best practice for protecting your network in today’s ever-changing DDoS attack landscape is a hybrid approach.Protection strategies of the past will suffice in some situations, such as in an attack designed to overwhelm your Internet circuit before traffic arrives on your site. However, attacks specifically designed to evade those protections, such as TCP state exhaustion, are the basis for the new attack landscape. Furthermore, the ability to respond quickly to attacks that dodge the cloud solution and hit the network edge or an Internet-facing service is imperative and having the agility to change defenses rapidly to adapt to subtle changes onsite is crucial.Figure 3: NETSCOUT Omnis AED provides hybrid DDoS defense. NETSCOUTBy implementing comprehensive DDoS defenses such as NETSCOUT’s Arbor Edge Defense (AED) at all edges of the network, network operators can overpower DDoS attack traffic as it enters the network edge (see Figure 3). With edge-based attack detection combined with cloud-scrubbing capacity, automated bilayer communication, indicators of compromise (IoC) analysis, command-and-control (C2) communication blocking, and current, actionable threat intelligence, operators can tackle any DDoS attack before it causes damage.For more information on hybrid, dynamic, comprehensive DDoS protection, download the white paper “An On-Premises Defense Is the Cornerstone for Multilayer DDoS Protection.” Related content brandpost Sponsored by Netscout How to Avoid Getting Crushed Under a Tidal Wave of Traffic Systems with resilience, scale, and a multilayered defense can stop multipurpose application-layer DDoS attacks. By NETSCOUT Mar 09, 2023 4 mins DDoS brandpost Sponsored by Netscout Is Your XDR Strategy Incomplete? Why you can’t have XDR without NDR. By NETSCOUT Mar 07, 2023 5 mins Security brandpost Sponsored by Netscout How 3 Tools Can Revitalize Your Security Strategy Focus on visibility to improve your security posture. By NETSCOUT Mar 07, 2023 4 mins Security brandpost Sponsored by Netscout Protecting the Edge Is More Important Than Ever NETSCOUT’s Omnis Arbor Edge Defense Earns Security Today’s 2022 CyberSecured Award By NETSCOUT Mar 07, 2023 2 mins DDoS PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe