An Era of DDoS Hacktivism

Highlights from NETSCOUT DDoS Threat Intelligence Report Issue 13

NETSCOUT’s 1H 2024 DDoS Threat Intelligence Report delivers critical intelligence essential for both daily network operations and high-level strategic decision-making. This report underscores the growing complexity of distributed denial-of-service (DDoS) threats, including a notable increase in both attack frequency and sophistication. These insights provide a clear roadmap for network operations teams to fine-tune real-time detection and mitigation strategies, ensuring they stay ahead of evolving threats.

Global Highlights

  • 7,962,491 DDoS attacks observed in 1H 2024, a 12.8 percent increase over the previous six months
  • Application-layer attacks are up by 43 percent
  • Volumetric attacks are up by 30 percent
  • More than half of all attacks are multivector

DDoS Attacks Experienced Surge in Frequency

This escalation, driven largely by hacktivist activities targeting global organizations and industries, has not only increased the strain on networks worldwide but has also led to more sophisticated attacks. Adversaries are increasingly leveraging resilient, takedown-resistant networks, such as those provided by nuisance networks and bulletproof hosting providers. Our findings show that more than 75 percent of newly established networks are involved in DDoS activities within just 42 days of coming online, reflecting the rapid mobilization and integration of any network into the broader attack landscape.

Evolving Capabilities of DDoS-Capable Botnets

NETSCOUT observed a 50 percent growth in bot-infected devices with the emergence of the Zergeca botnet and the continued evolution of the DDoSia botnet used by NoName057(16). These botnets incorporate advanced technologies such as DNS over HTTPS (DoH) for command-and-control (C2) and coordinated DDoS attacks targeting multiple entities, making detection and mitigation more challenging. The trend of implementing a distributed botnet C2 infrastructure, leveraging bots as control nodes, further complicates defense efforts because it is not just the inbound DDoS activity but also the outbound activity of bot-infected systems that needs to be triaged and blocked.

Escalating Threats to Critical Infrastructure

Critical infrastructure sectors, particularly banking, financial services, and public utilities, experienced a 55 percent increase in DDoS attacks over four years. These sectors face frequent and intense multivector attacks, receiving substantial attack traffic.

Conclusion

Today’s connected world has a pressing need for comprehensive detection and mitigation strategies that address the complexities of modern DDoS threats, even as adversaries indiscriminately pummel organizations of all types. By implementing robust security measures, leveraging threat intelligence, and fostering collaboration among sectors, organizations can enhance their resilience against the growing threat landscape.

Explore the full NETSCOUT DDoS Threat Intelligence Report with interactive graphs and additional resources today.