ch - netscout

Post on 15-Feb-2022


101%

81%

7%

Switzerland

2020 was mostly about more: more frequent, faster, and more complex attacks. There was one big exception, however: attack duration, which dropped more than 50 percent globally. Attacks were also more complex, as 15-plus vector attacks spiked 126 percent in popularity year over year. This adds up to some bad math for defenders: shorter duration + increased complexity = less time to respond to increasingly difficult mitigation scenarios. This attack strategy will likely continue, further highlighting the vital role of advanced and automated DDoS technology.

Impact Analysis

We wanted to understand how much traffic traversing Switzerland’s infrastructure is due solely to DDoS attacks. To find out, we created the DDoS Attack Coefficient (DAC). DAC represents the total sum of DDoS traffic traversing any given region or country in one minute. This allows us to identify the DDoS attack traffic observed by NETSCOUT traveling in and out of the country for the past six months at any point in time. Here, you can clearly see the massive jump in both bandwidth and throughput during March, the height of the pandemic lockdown.

DDoS Statistics

Attack frequency

Max throughput

Average duration

Largest Attack

Size: 314.3 Gbps
Speed: 33.6 Mpps
Duration: 960 sec
Attack types: L2TP, DNS, TCP SYN/ACK, NETBIOS, ICMP, DNS, TCP ACK, TCP RST, TCP SYN, NTP, BITTORRENT, ISAKMP

Attacks by Vector

Max number of vectors seen in a single attack: 24

Top Five Vectors

VECTOR | # OF ATTACKS
TCP ACK | 6,394
DNS Amplification | 5,233
TCP RST | 4,955
TCP SYN | 4,389
TCP SYN/ACK Amplification | 3,406

Key Metrics from the 1H 2020 NETSCOUT Threat Intelligence Report

The DDoS Chronicles

CH

[Chart: monthly DDoS Attack Coefficient for Switzerland, January to June. Axes: Gbps and Mpps. Panels: BANDWIDTH IMPACT PERCENTAGE CHANGE and THROUGHPUT IMPACT PERCENTAGE CHANGE.]

MONTH | BANDWIDTH IMPACT | PERCENTAGE CHANGE | THROUGHPUT IMPACT | PERCENTAGE CHANGE
January | 95.5 Gbps | - | 18.1 Mpps | -
February | 35.6 Gbps | 63% | 9.8 Mpps | 46%
March | 71.8 Gbps | 102% | 23.2 Mpps | 138%
April | 45 Gbps | 37% | 22.1 Mpps | 5%
May | 49.7 Gbps | 11% | 41.8 Mpps | 89%
June | 315.2 Gbps | 534% | 33.7 Mpps | 19%

The Big Picture

Explore the full 1H 2020 NETSCOUT Threat Intelligence Report to find the latest research into trends and activities across the global DDoS threat landscape.

© 2020 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, and the NETSCOUT logo are registered trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brands and product names and registered and unregistered trademarks are the sole property of their respective owners.

SECR_021_EN-2001 09/2020


The DDoS Chronicles: Switzerland

Top Ten Verticals by Attack Count

The following industry chart shows the most targeted sectors in 2020 by number of attacks compared to 1H 2019.

RANK | VERTICAL | FREQUENCY | MAX ATTACK | MAX IMPACT | AVERAGE DURATION
1 | Telecommunications | 4,854 (19%) | 76.1 Gbps (43%) | 40.7 Mpps (215%) | 5801.1 Sec (96%)
2 | Data Processing, Hosting + Related Services | 964 (21%) | 7.6 Gbps (4%) | 2.4 Mpps (32%) | 6314.7 Sec (125%)
3 | Publishing Industries (except Internet) | 511 (6,288%) | 3.5 Gbps (1,780%) | 1.2 Mpps (920%) | 3652.8 Sec (18%)
4 | Professional, Scientific + Technical Services | 496 (41%) | 11.1 Gbps (9%) | 3.0 Mpps (112%) | 5175.6 Sec (109%)
5 | Educational Services | 152 (7%) | 6.3 Gbps (550%) | 2.3 Mpps (359%) | 3976.7 Sec (18%)
6 | National Security + International Affairs | 62 (27%) | 4.2 Gbps (1,807%) | 1.9 Mpps (5,181%) | 6107 Sec (252%)
7 | Computer + Electronic Product Manufacturing | 49 (880%) | 3.8 Gbps (6,029%) | 1.3 Mpps (20,430%) | 3030.8 Sec (388%)
8 | Transportation Equipment Manufacturing | 46 (1,050%) | 0.7 Gbps (2,730%) | 0.3 Mpps (14,788%) | 2855.4 Sec (332%)
9 | Executive, Legislative + Other General Government Support | 45 (2%) | 0.2 Gbps (53%) | 0.0 Mpps (74%) | 2405.7 Sec (118%)
10 | Chemical Manufacturing | 39 (63%) | 15.6 Gbps (1,029%) | 1.4 Mpps (218%) | 4975.2 Sec (92%)

IoT

TOP FIVE USERNAME + PASSWORD COMBINATIONS

Combinations, in the order listed: guest/12345, root/xc3511, admin/admin, root/vizxv, guest/guest
Chart labels: 5, 4, 3, 2, 1
Chart values: 18, 21, 23, 31, 35

TOP EXPLOITS

EXPLOIT | NAME | EDB-ID
/ctrlt/DeviceUpgrade_1 | Huawei Router | 45991
/ws/v1/cluster/apps | Hadoop YARN ResourceManager | 45025
