ch - netscout
101%
81%
7%
Switzerland
2020 was mostly about more: more frequent, faster, and more complex attacks. There was one big exception, however: attack duration, which dropped more than 50 percent globally. Complexity rose as well, with 15-plus vector attacks spiking 126 percent year over year. This adds up to some bad math for defenders: shorter duration + increased complexity = less time to respond to increasingly difficult mitigation scenarios. This attack strategy will likely continue, further highlighting the vital role of advanced and automated DDoS technology.
Impact Analysis
We wanted to understand how much traffic traversing Switzerland’s infrastructure is due solely to DDoS attacks. To find out, we created the DDoS Attack Coefficient (DAC). DAC represents the total sum of DDoS traffic traversing any given region or country in one minute. This allows us to identify the DDoS attack traffic observed by NETSCOUT traveling in and out of the country for the past six months at any point in time. Here, you can clearly see the massive jump in both bandwidth and throughput during March, the height of the pandemic lockdown.
DDoS Statistics
Attack frequency
Max throughput
Average duration
Largest Attack
Size: 314.3 Gbps
Speed: 33.6 Mpps
Duration: 960 sec
Attack types: L2TP, DNS, TCP SYN/ACK, NETBIOS, ICMP, DNS, TCP ACK, TCP RST, TCP SYN, NTP, BITTORRENT, ISAKMP
Attacks by Vector
Max number of vectors seen in a single attack: 24

Top Five Vectors
VECTOR | # OF ATTACKS
TCP ACK | 6,394
DNS Amplification | 5,233
TCP RST | 4,955
TCP SYN | 4,389
TCP SYN/ACK Amplification | 3,406
Key Metrics from the 1H 2020 NETSCOUT Threat Intelligence Report
The DDoS Chronicles
CH
[Figure: monthly DDoS bandwidth impact (Gbps) and throughput impact (Mpps), January to June, with percentage change. Panel titles: BANDWIDTH IMPACT PERCENTAGE CHANGE; THROUGHPUT IMPACT PERCENTAGE CHANGE.]
The Big Picture
Explore the full 1H 2020 NETSCOUT Threat Intelligence Report to find the latest research into trends and activities across the global DDoS threat landscape.
© 2020 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, and the NETSCOUT logo are registered trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners.
SECR_021_EN-2001 09/2020
The DDoS Chronicles: Switzerland

Top Ten Verticals by Attack Count
The following industry chart shows the most targeted sectors in 2020 by number of attacks compared to 1H 2019.

RANK | VERTICAL | FREQUENCY | MAX ATTACK | MAX IMPACT | AVERAGE DURATION
1 | Telecommunications | 4,854 (19%) | 76.1 Gbps (43%) | 40.7 Mpps (215%) | 5801.1 Sec (96%)
2 | Data Processing, Hosting + Related Services | 964 (21%) | 7.6 Gbps (4%) | 2.4 Mpps (32%) | 6314.7 Sec (125%)
3 | Publishing Industries (except Internet) | 511 (6,288%) | 3.5 Gbps (1,780%) | 1.2 Mpps (920%) | 3652.8 Sec (18%)
4 | Professional, Scientific + Technical Services | 496 (41%) | 11.1 Gbps (9%) | 3.0 Mpps (112%) | 5175.6 Sec (109%)
5 | Educational Services | 152 (7%) | 6.3 Gbps (550%) | 2.3 Mpps (359%) | 3976.7 Sec (18%)
6 | National Security + International Affairs | 62 (27%) | 4.2 Gbps (1,807%) | 1.9 Mpps (5,181%) | 6107 Sec (252%)
7 | Computer + Electronic Product Manufacturing | 49 (880%) | 3.8 Gbps (6,029%) | 1.3 Mpps (20,430%) | 3030.8 Sec (388%)
8 | Transportation Equipment Manufacturing | 46 (1,050%) | 0.7 Gbps (2,730%) | 0.3 Mpps (14,788%) | 2855.4 Sec (332%)
9 | Executive, Legislative + Other General Government Support | 45 (2%) | 0.2 Gbps (53%) | 0.0 Mpps (74%) | 2405.7 Sec (118%)
10 | Chemical Manufacturing | 39 (63%) | 15.6 Gbps (1,029%) | 1.4 Mpps (218%) | 4975.2 Sec (92%)

IoT

TOP FIVE USERNAME + PASSWORD COMBINATIONS
RANK | USERNAME/PASSWORD | CHART VALUE
1 | guest/guest | 35
2 | root/vizxv | 31
3 | admin/admin | 23
4 | root/xc3511 | 21
5 | guest/12345 | 18

TOP EXPLOITS
EXPLOIT | NAME | EDB-ID
/ctrlt/DeviceUpgrade_1 | Huawei Router | 45991
/ws/v1/cluster/apps | Hadoop YARN ResourceManager | 45025