Key Findings
NETSCOUT’s 1H 2024 report delivers critical intelligence essential for both daily network operations and high-level strategic decision-making.
This report underscores the growing complexity of DDoS threats, including a notable increase in both attack frequency and sophistication. For instance, the emergence of advanced botnets such as Zergeca and DDoSia, which now employ sophisticated techniques such as DNS-over-HTTP/S for C2 operations, highlights the evolving nature of these threats.
These insights provide a clear roadmap for network operations teams to fine-tune real-time detection and mitigation strategies, ensuring they stay ahead of these evolving threats. Additionally, the report presents a compelling case for investment in advanced DDoS protection systems, especially given the documented surge in targeted attacks on critical infrastructure sectors, including banking and public utilities. Leveraging this actionable intelligence, organizations can bridge the gap between operational readiness and strategic cybersecurity investments, ensuring their digital assets are well-protected against the increasingly sophisticated landscape of DDoS threats.
DDoS Attacks Experienced Surge in Frequency
Application-layer attacks surged by 43 percent in the first half of the year, surpassing the 30 percent increase in volumetric attacks, particularly in Europe and the Middle East. This escalation, driven largely by hacktivist activities targeting global organizations and industries, has not only increased the strain on networks worldwide but also led to more sophisticated attacks. Adversaries are increasingly leveraging resilient, takedown-resistant networks, such as those provided by nuisance networks and bulletproof hosting providers. Our findings show that more than 75 percent of newly established networks are involved in distributed denial-of-service (DDoS) activities within just 42 days of coming online, reflecting the rapid mobilization and integration of any network into the broader attack landscape.
Evolving Capabilities of DDoS-Capable Botnets
ASERT observed a 50 percent growth of bot-infected devices with the emergence of the Zergeca botnet and the continued evolution of the DDoSia botnet used by NoName057(16). These botnets incorporate advanced technologies such as DNS over HTTPS (DoH) for command-and-control (C2) and coordinated DDoS attacks targeting multiple entities, making detection and mitigation more challenging. The trend of implementing a distributed botnet C2 infrastructure, leveraging bots as control nodes, further complicates defense efforts because it’s not just the inbound DDoS activity but also the outbound activity of bot-infected systems that need to be triaged and blocked.
Escalating Threats to Critical Infrastructure
Critical infrastructure sectors, particularly banking, financial services, and public utilities, experienced a 55 percent increase over four years. These sectors face frequent and intense multivector attacks, receiving substantial attack traffic.