
Oct 03, 2020


dariahiddleston

United States of America

2020 was mostly about more: More frequent, faster, and complex attacks. There was one big exception, however: attack duration, which dropped more than 50 percent globally. Attacks were also more complex, as 15-plus vector attacks spiked 126 percent in popularity year over year. This adds up to some bad math for defenders: Shorter duration + increased complexity = less time to respond to increasingly difficult mitigation scenarios. This attack strategy will likely continue, further highlighting the vital role of advanced and automated DDoS technology.

Impact Analysis

We wanted to understand how much traffic traversing US infrastructure is due solely to DDoS attacks. To find out, we created the DDoS Attack Coefficient (DAC). DAC represents the total sum of DDoS traffic traversing any given region or country in one minute. This allows us to identify the DDoS attack traffic observed by NETSCOUT traveling in and out of the country for the past six months at any point in time. Here, you can clearly see the massive jump in both bandwidth and throughput during March, the height of the pandemic lockdown.

DDoS Statistics

Attack frequency    13%
Max throughput      23%
Average duration    21%

Largest Attack

Size            427.5 Gbps
Speed           36.1 Mpps
Duration        892 sec
Attack types    TCP ACK, TCP SYN/ACK

Max number of vectors seen in a single attack: 24
This number has been steadily increasing since 2017.

Top Five Vectors: Attacks by Vector

VECTOR               # OF ATTACKS
TCP SYN              245,842
TCP ACK              209,394
TCP RST              197,197
DNS Amplification    178,724
ICMP                 171,851

Key Metrics from the 1H 2020 NETSCOUT Threat Intelligence Report

The DDoS Chronicles

US

BANDWIDTH IMPACT PERCENTAGE CHANGE

MONTH       BANDWIDTH      CHANGE
January     741.1 Gbps
February    711.2 Gbps     4%
March       615.1 Gbps     14%
April       705.4 Gbps     15%
May         728.2 Gbps     3%
June        1071.9 Gbps    47%

THROUGHPUT IMPACT PERCENTAGE CHANGE

MONTH       THROUGHPUT     CHANGE
January     248.3 Mpps
February    177.3 Mpps     29%
March       477.6 Mpps     169%
April       215.2 Mpps     55%
May         401 Mpps       86%
June        249 Mpps       38%


The Big Picture

Explore the full 1H 2020 NETSCOUT Threat Intelligence Report to find the latest research into trends and activities across the global DDoS threat landscape.

© 2020 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, and the NETSCOUT logo are registered trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners.

SECR_015_EN-2001 09/2020


Top Ten Vertical Industries Under Attack

The DDoS Chronicles: United States of America

The following industry chart shows the most targeted sectors in 2020 by number of attacks compared to 1H 2019.

RANK  VERTICAL                                                    FREQUENCY        MAX ATTACK          MAX IMPACT         AVERAGE DURATION
1     Telecommunications                                          206,998 (12%)    232.7 Gbps (14%)    61.6 Mpps (55%)    4014.1 Sec (57%)
2     Data Processing, Hosting + Related Services                 135,770 (11%)    174.8 Gbps (0%)     64.6 Mpps (66%)    2836.0 Sec (0%)
3     Professional, Scientific + Technical Services               55,362 (6%)      79.7 Gbps (71%)     29.0 Mpps (91%)    5818.2 Sec (53%)
4     Publishing Industries (except Internet)                     50,955 (10%)     113.2 Gbps (44%)    10.6 Mpps (88%)    2872.4 Sec (8%)
5     Nonstore Retailers                                          41,940 (20%)     114.7 Gbps (44%)    18.8 Mpps (50%)    4340.9 Sec (35%)
6     Educational Services                                        24,348 (13%)     44.4 Gbps (17%)     8.2 Mpps (36%)     3326.8 Sec (68%)
7     Computer + Electronic Product Manufacturing                 26,401 (25%)     63.2 Gbps (83%)     22.9 Mpps (39%)    3452.1 Sec (28%)
8     Executive, Legislative + Other General Government Support   8,981 (10%)      47.8 Gbps (10%)     6.5 Mpps (50%)     6153.2 Sec (185%)
9     Finance + Insurance                                         3,005 (24%)      40.2 Gbps (14%)     8.0 Mpps (45%)     2432.0 Sec (19%)
10    Ambulatory Health Care Services                             2,697 (7%)       36.4 Gbps (76%)     7.3 Mpps (96%)     2175.2 Sec (5%)

IoT

TOP FIVE EXPLOITS

EXPLOIT                   NAME                                         EDB-ID
/ws/v1/cluster/apps       Hadoop YARN ResourceManager                  45025
/ctrlt/DeviceUpgrade_1    Huawei Router                                45991
/picsdesc.xml             Realtek SDK — Miniigd UPnP SOAP              37169
/cgi-bin/ViewLog.asp      TrueOnline-ZyXEL-Billion Routers             43884
/login.cgi                Multiple Devices — Remote code execution     -----

TOP FIVE USERNAME + PASSWORD COMBINATIONS

1    root/xc3511    3,759
2    admin/admin    3,058
3    guest/12345    2,721
4    root/vizxv     2,489
5    guest/guest    2,187