Sophisticated cybercriminals have become at bypassing defenses with new DDoS attack vectors and successful methodologies, according to the 2022 DDoS Threat Intelligence H1 Report released by network detection platform Netscout Systems.
“By constantly innovating and adapting, attackers are designing new, more effective DDoS attack vectors or doubling down on existing effective methodologies,” said Richard Hummel, threat intelligence lead, NETSCOUT. “In the first half of 2022, attackers conducted more pre-attack reconnaissance, exercised a new attack vector called TP240 PhoneHome, created a tsunami of Transmission control protocol [TCP] flooding attacks, and rapidly expanded high-powered botnets to plague network-connected resources. In addition, bad actors have openly embraced online aggression with high-profile DDoS attack campaigns related to geopolitical unrest, which have had global implications.”
TCP-based flood attacks remain the most used attack vector, with approximately 46 percent of all attacks continuing a trend that started in early 2021, the report said.
In addition, DNS water-torture attacks accelerated into 2022 with a 46 percent increase primarily using UDP query floods, while carpet-bombing attacks experienced a big comeback toward the end of the second quarter; overall, DNS amplification attacks decreased by 31 percent from 2H2021 to 1H2022.
The report also suggests that the new TP240 PhoneHome reflection/amplifications DDoS vector was discovered in early 2022 with a record-breaking amplification ratio of 4,293,967,296:1; swift actions eradicated the abusable nature of this service.
Malware botnet proliferation grew at an alarming rate, with 21,226 nodes tracked in the first quarter to 488,381 nodes in the second, resulting in more direct-path, application-layer attacks.
Moreover, the analysis showed that Russia experienced a nearly 3X increase in daily DDoS attacks since the conflict with Ukraine began and continued through the end of the reporting period.