DDoS attacks increase to over six million in 2022

According to a report from NETSCOUT on threat intelligence, 6,019,888 global DDoS attacks took place in the first half of 2022.

These types of attacks overload the target or surrounding infrastructure with a flood of internet traffic, disrupting the routine traffic of a targeted server, service or network.

With connectivity to enterprise networks and access to web-based applications and services becoming more crucial than ever, DDoS attacks can be disastrous for any business reliant on the internet.

DDoS attacks also target the crucial business software that companies use to run their day-to-day operations, like CRM, salesforce automation and email. Therefore, these attacks pose a serious danger to business continuity since they can result in exorbitant downtime and lasting reputational damage.

The latest threat intelligence report from NETSCOUT DDoS suggests that these attacks are evolving yet again, becoming increasingly difficult to detect as they mimic legitimate traffic and requiring a high level of skill and technology for defenders to identify them as attacks.

On the rise

Attackers are increasingly adopting adaptive DDoS to degrade network availability. An adaptive DDoS attack involves adversaries conducting in-depth pre-attack reconnaissance to identify specific service delivery chain components to target.

For instance, state exhaustion attacks, which accounted for four of the top five attack vectors this year, target stateful devices such as firewalls and VPN concentrators, which are critical components of the security stack.

These are desirable targets due to the fact that attacks against them can be lower in scale and created to avoid defences intended to counter other threats, reducing the number of administrative boundaries that DDoS attack traffic must cross. Unfortunately, this often leads to fewer opportunities to detect and counteract the attack.

As attack methods evolve, network operators must change up their defences to overcome the new challenges. Owing to the nature of constantly changing attacks, essential defences must be capable of not just managing volumetric attacks, but also able to identify the many attacks specifically designed to evade recognized security mechanisms.

Unfortunately, there is no such thing as a one-size-fits-all answer. The present threat landscape necessitates an agile security model – in this case, one that works both inside and outside the network and adapts to changing attack paths and methodologies.

The importance of a hybrid defence strategy

In today’s dynamic DDoS attack landscape, a hybrid strategy is the best practice for securing networks.

Protection strategies of the past will suffice in some situations, such as in an attack designed to overwhelm internet circuits before traffic arrives on site. The new attack environment, however, is based on techniques like application-layer attacks and TCP state exhaustion that are deliberately tailored to bypass those defences.

Additionally, it is crucial to not only be quick to react to attacks that miss the cloud solution and target the network edge or an internet-facing service, but also be agile enough to swiftly update defences to adjust to slight changes in adaptive DDoS onsite.

By implementing adaptive DDoS defences across all of its network edges, network operators can defeat DDoS attack traffic as it enters the network edge -or even before it coalesces into a large-scale attack.

By Emad Fahmy, Systems Engineering Manager Middle East, NETSCOUT