Adoption of sophisticated DDoS attacks rises in EMEA

Despite a slight decrease in distributed denial-of-service (DDoS) attack frequency during the first six months of 2022, threat actors once again ramped up their nefarious activities during the second half of the year – according to NETSCOUT’s latest Threat Intelligence Report. Globally, the number of attacks increased by 13 per cent from the first half of 2022, rising from just over 6 million to around 6.8 million. This culminated in there being almost 13 million DDoS attacks in 2022, representing a new high-water mark for attack frequency.

This rise in attack activity was particularly apparent in Europe, the Middle East, and North Africa (EMEA), with the region seeing a 16 per cent increase in DDoS attacks compared to the first half of 2022. Looking at EMEA in closer detail, further findings from the report include:

—  The top five targeted countries in the region were: Germany, France, the United Kingdom, Saudi Arabia, and South Africa

—  A barrage of DDoS attacks hammered the optical instrument and lens manufacturing sector, resulting in a 14,137 per cent increase in attacks against this industry in EMEA. The attacks almost exclusively targeted one major optics distributor.

—  There was a significant rise in DNS query flood – also known as DNS water torture – attacks from 1H 2022 to 2H 2022 (131 per cent), as well as TCP direct-path attacks (21 per cent)

—  Telecommunications, data processing and hosting services, insurance agencies and brokerages also featured among the most targeted sectors in 2H 2022 by number of attacks. All of these industries saw an increase in attack frequency from 1H 2022

Richard Hummel, threat intelligence lead for NETSCOUT, comments on the findings from the report, and explains how organisations in EMEA can defend themselves from DDoS attacks:

“Threat actors have accelerated their adoption of sophisticated DDoS attack vectors and methodologies at an alarming rate, as seen with the sharp increases in TCP direct-path attacks and DNS water torture attacks. This resulted in substantial increases in attack activity during the second half of 2022.

“The findings also demonstrate that cybercriminals do not always require a motive to launch an attack. For instance, there was no apparent cause for the sustained DDoS attack activity against the optical instrument and lens manufacturing industry, which featured in the top ten most targeted sectors in EMEA. These attacks demonstrate that no sector or organisation is off limits to threat actors in the modern world.

“With attacks now more dynamic and effective than ever before, it is imperative for organisations to install strong and effective cybersecurity tools. This includes placing adaptive DDoS defences at all edges of the network in order to supress DDoS attacks. By doing this, DDoS attacks are subdued before they enter from multiple access points throughout the network edge, blocking a potentially larger attack.

“Further to this, utilising several simple yet effective mitigation tactics – such as restricting inbound traffic and preventing IP address spoofing – can help businesses dramatically reduce the impact of emerging DDoS attacks. Educating employees on the basics of good cyber hygiene also puts organisations in a better position to defend themselves from emerging threats.

“While DDoS attacks are undoubtedly challenging and evasive, implementing these strategies will help organisations in EMEA, and indeed the rest of the world, to significantly decrease the impact of DDoS attacks on their online infrastructure.”

For more information about regional attack trends in 2022, visit https://www.netscout.com/threatreport