Netscout released the findings of its Threat Intelligence Report for the second half of 2019, which also incorporates insights from its 15th Annual Worldwide Infrastructure Security Report (WISR) survey.
The report underscores the proliferation of risks faced by global enterprises and service providers. These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices.
“We’ve uncovered some disturbing statistics,” stated Hardik Modi, AVP, engineering, threat and mitigation products, Netscout. “By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet.”
Key findings from the report
- Attackers weaponized seven new UDP reflection/amplification vectors and combined variations of existing well-known attack vectors to launch pinpoint-focused DDoS attacks.
- Carpet-bombing tactics increased vertical sector attack activity; satellite telecommunications witnessed a 295% increase in attacks.
- Adversaries discovered how to use advanced reconnaissance to target client services at well-protected targets like ISPs and financial institutions to amplify attacks against specific enterprises and network operators.
- Wireless communications companies experienced a 64% increase in DDoS attack frequency from 2H 2018 to 2H 2019, mainly due to the increased tendency of gamers to use their phone services as wireless hotspots, as well as the popularity of gaming on mobile devices with 4G or LTE connectivity.
- Mirai-based variants dominated the second half of 2019 with a 57% increase targeting 17 system architectures; ASERT honeypots reflect this growth with an 87% increase in the number of exploit attempts.
- Service provider respondents to the WISR reported a 52% increase in DDoS attacks on publicly exposed service infrastructures compared to 38% the previous year.