DDoS alert traffic reaches record-breaking level of 436 petabits in one day

With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, according to NETSCOUT.

The dynamic nature of the DDoS threat landscape

Much of the increase comes from the pro-Russian group Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites.

“DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services,” said Richard Hummel, threat intelligence lead, NETSCOUT. “With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.”

DDoS attacks reach record high in second half of 2022

The peak sum of DDoS alert traffic in one day reached as high as 436 petabits and more than 75 trillion packets in the second half of 2022. Service providers rigorously scrubbed a large percentage of this traffic, while enterprises eliminated an additional daily aggregate average of 345 terabytes of unwanted traffic.

Direct-path attacks have increased by 18% over the past three years, while traditional reflection/amplification attacks decreased by nearly the same, highlighting the need for a hybrid defense approach to weather the fluctuating attack methodology.

The U.S. national security sector experienced a massive 16,815% increase in attacks related to the pro-Russia Killnet group, including a spike in attacks after President Biden’s public remarks at the G7 Summit and another spike the same day the French and U.S. presidents re-affirmed their support for Ukraine.

NETSCOUT ASERT analysts tracked over 1.35 million bots from malware families like Mirai, Meris, and Dvinis in 2022, with enterprises receiving over 350,000 security-related alerts with botnet involvement. By contrast, service providers received approximately 60,000 alerts where bots were present.

Carpet-bombing attacks targeting ISP networks on the rise

Carpet-bombing attacks, a technique that simultaneously targets entire IP address ranges, increased by 110% from the first to the second half of 2022, with most attacks against ISP networks.

A barrage of DDoS attacks hammered EMEA’s optical instrument and lens manufacturing sector, resulting in a 14,137% increase, mainly against one major distributor with over 6,000 attacks over four months.

DDoS attacks on the wireless telecommunications industry have grown 79% since 2020, primarily due to the increase in 5G wireless to the home. It accounts for 20% of all DDoS attacks for a specific industry, second only to wired telecommunications carriers.