Inno-Thought Team

Nexusguard Research Shows Total Number of DDoS Attacks Increased during First Half of 2022

  • Nexusguard DDoS Statistical Report Reveals Key Attack Observations and Analysis from the First Half of 2022

  • Total Number of DDoS Attacks Increased during First Half of 2022 While Maximum Attack Size Decreased Compared to Second Half of 2021


In the first half of 2022, the number of DDoS (distributed denial of service) attacks increased by 75.6% compared to the second half of 2021, according to new Nexusguard research revealed in the company's DDoS Statistical Report for 1HY 2022. While the total number of attacks grew, the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes decreased by 56% and 66.8%, respectively, during the same period. Notably, application attacks increased a whopping 330% over the second half of 2021 and amplification attacks increased by 106.7%.


Single-vector attacks represented 85% of all attacks globally in H1 2022. UDP (User Datagram Protocol) attacks, which quickly overwhelm the target's defenses, and HTTPS Floods, which exhaust servers with valid HTTPS requests, were the two predominant vectors. Nearly four out of 10 (39.6%) attacks were UDP, an increase of 77.5% from H2 2021, and the two groups combined accounted for more than half (55.5%) of DDoS attacks globally. UDP attacks frequently serve as a smokescreen to mask other malicious activities, such as efforts to compromise personally identifiable information (PII) or the execution of malware or remote code.


New to Nexusguard DDoS reports are statistics describing top reflected attack destinations. Reflection attacks spoof the IP address of the target in requests, typically sent via UDP, to a third-party server, tricking that server into believing it has received an authentic request; its responses then go to the target. Nearly three-quarters (74.6%) of all reflected attacks targeted organizations in Brazil and South Korea. Within Europe, the United Kingdom received almost a quarter (24.6%) of all reflected attacks in that region, while in the Middle East and Africa, the Seychelles and Saudi Arabia combined received more than half (55.5%).


Stealthy Bit-and-Piece attacks continue to plague ASN-level Communications Service Providers (CSPs) globally, especially Internet service providers (ISPs). While 81% of attacks globally were less than a single Gbps, Bit-and-Piece attacks by /24 networks registered minimum sizes of 0.0637 Gbps and a maximum of 123.72 Gbps. By drip-feeding doses of junk traffic into a large IP pool, the attacker keeps the traffic to each address small enough to evade traditional threshold-based detection, yet it accumulates enough to clog and disable the target.
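As an added illustration (not part of the Nexusguard report), the sketch below shows why a per-destination-IP threshold misses traffic spread thinly across a prefix, while summing the same flows by /24 surfaces it. The flow samples, thresholds and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds in Mbps, chosen for illustration; not taken from the report.
PER_IP_THRESHOLD_MBPS = 100.0
PER_PREFIX_THRESHOLD_MBPS = 1000.0


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD_MBPS):
    """Traditional check: flag each destination IP whose own rate exceeds the threshold."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, rate in totals.items() if rate > threshold)


def per_prefix_alerts(flows, prefix_len=24, threshold=PER_PREFIX_THRESHOLD_MBPS):
    """Aggregate check: sum inbound rate over every destination in the same prefix."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[str(net)] += mbps
    return {net: round(rate, 2) for net, rate in totals.items() if rate > threshold}


def build_sample_flows():
    """Constructed sample: (destination IP, inbound Mbps) using documentation ranges."""
    # 250 hosts in one /24 each receive a small 8 Mbps dose of junk traffic.
    flows = [(f"198.51.100.{host}", 8.0) for host in range(1, 251)]
    # Ordinary traffic to two hosts in another /24, well under both thresholds.
    flows.append(("203.0.113.10", 60.0))
    flows.append(("203.0.113.20", 40.0))
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    print("per-IP alerts:    ", per_ip_alerts(sample))
    print("per-prefix alerts:", per_prefix_alerts(sample))
```

In practice the per-prefix threshold would be set from a baseline of each prefix's normal aggregate traffic instead of a fixed constant.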


"Attackers came out of winter hibernation with never-before-seen levels of intent, showing an incredible increase of attacks in Q2 2022 alone and by June, reaching the highest first-half levels since 2018," said Juniman Kasman, chief technology officer of Nexusguard. "We've expanded our DDoS reports to include data on reflected attack destinations and have separated Europe from the Middle East and Africa regions to provide organizations with even more information on DDoS attacks. The wide variability in attack types shown by our latest report demonstrates that companies must remain vigilant in protecting themselves against the risk of DDoS attacks."

  • Types of Attack Vectors: In the first half of 2022, UDP Attack and HTTPS Flood were the predominant two attack types, contributing 39.58% and 15.94% respectively, while TCP ACK Attacks ranked third at 6.48%.

  • Attacks by Category: Volumetric (Direct Flood) attacks, contributing 67.93% of the total attacks recorded in the first half of 2022, increased by 48.22% HoH and decreased by 15.06% YoY.

  • Attacks by Protocol: UDP and TCP based attacks were the predominant two attack types in the first half of 2022, contributing 61.27% and 30.57% respectively.

  • Attack Durations: 69.27% of attacks were shorter than 90 minutes, while the rest lasted longer than 90 minutes. 17.15% of attacks exceeded 1200 minutes.

