NSFOCUS reveals alarming surge in DDoS attacks in 2022 report
NSFOCUS, has published its 2022 Global DDoS Attack Landscape Report. The report contains in-depth findings to aid organisations and users in defending against DDoS attacks.
The report reveals that the DDoS attack landscape is becoming increasingly difficult to navigate. The number of DDoS attacks has notably surged in 2022, with the frequency of terabit-level attacks increasing to approximately 40. Attacks greater than 100 Gbps also reached record levels, with such scale of attack being reported on an hourly basis. The research analysis shows that the incidence of recurring IP address attacks in 2022 was significantly higher than in 2021, meaning that once identified as a target, a victim is likely to experience repeated DDoS attacks. This continually evolving threat landscape poses fresh obstacles to DDoS protection.
According to the report, UDP-based DDoS attacks were the most prevalent tactic used by cybercriminals, accounting for about 60% of total DDoS threat incidents in 2022. Quite alarmingly, virtually all terabit-level DDoS attacks were found to be UDP-based, including two-thirds of non-reflective UDP attacks. These findings signal that contemporary threat actors have at their disposal an incredibly rich pool of attack resources and can initiate terabit attacks without needing UDP reflection to boost traffic. The rapidly reoccurring colossal DDoS attack trend is now surpassing the capability of on-premises solutions across industries.
The report also draws attention to the growing menace of application-layer DDoS attacks. These attacks are more challenging to identify and shield against as they establish reliable TCP connections, making the attack source IP addresses unforgeable. The report warns that if a large number of application-layer attack source IP addresses remain active in a particular region, it is a significant indication that botnets are operating there.
As has been the case in previous annual DDoS attack landscape reports, NSFOCUS continuously monitors the activity of botnet families. The 2022 report identifies Mirai as the most threatening botnet, accounting for over half of all botnet activities and having the greatest number of compromised machines. Ranked second and third are the Gafgyt and BillGates botnets, respectively. These botnets predominantly exploit crucial vulnerabilities in Linux/IoT systems, with Mirai and Gafgyt exploiting nearly all of the top 20 vulnerabilities. Notably, Mirai was found to have the largest number of command-and-control servers. The United States was the most frequent target of these botnets, frequently followed by China and Germany.