NETSCOUT unveils surge in global DDoS attacks in 1H2023

netscout ddos attacks threat intelligence report security cyber cybersecurity

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (

NETSCOUT has released its 1H2023 DDoS Threat Intelligence Report, shedding light on the escalating threat landscape.

Cybercriminals launched a staggering 7.9 million distributed denial of service (DDoS) attacks in the first half of 2023, marking a concerning 31 percent year-over-year increase.

The surge in DDoS attacks has been propelled by a confluence of global events, with the Russia-Ukraine conflict and NATO-related activities serving as key catalysts.

In 2022, Finland faced relentless DDoS attacks from pro-Russian hacktivists during its NATO bid, and similarly, Turkey and Hungary were targeted for opposing Finland’s efforts.

This year, Sweden encountered a barrage of attacks as it pursued its own NATO membership—including a colossal 500 Gbps DDoS attack in May.

These ideologically-motivated attacks have left no corner untouched and have also affected countries such as the US, Ukraine, Russia, and several others.

NETSCOUT’s research also highlights a concerning trend that emerged in the second half of 2022.

DDoS attacks against wireless telecommunications providers soared globally by 79 percent in 2H2022. This trend continued into 1H2023, particularly affecting providers in the Asia-Pacific region where there was a shocking 294 percent increase.

The increase in attacks against wireless providers correlates with the growing number of broadband gaming enthusiasts shifting their activity to 5G fixed wireless access as providers expand their networks.

NETSCOUT’s insights are derived from its ATLAS sensor network, a result of decades of collaboration with numerous ISPs worldwide. This network analyses trends based on an average of 424 Tbps of internet peering traffic, which has increased by 5.7 percent since 2022.

The report highlights a staggering 500 percent growth in HTTP/S application layer attacks since 2019, accompanied by a 17 percent uptick in DNS reflection/amplification volumes during 1H2023.

Richard Hummel, Senior Threat Intelligence Lead at NETSCOUT, commented:

“While world events and the expansion of 5G networks have driven the surge in DDoS attacks, adversaries are continually evolving their tactics, utilising bespoke infrastructure like bulletproof hosts and proxy networks to launch their attacks.

The persistence of these adversaries to find and weaponise new methods is evident, with DNS water torture and carpet-bombing attacks becoming more prevalent.”

The NETSCOUT 1H2023 DDoS Threat Intelligence Report brings to light several key findings, including the resurgence of carpet-bombing attacks – a 55 percent increase – and a concerning rise of nearly 353 percent in DNS water-torture attacks.

These attacks have targeted a wide range of industries, including wired and wireless telecom, data processing hosting, electronic shopping, mail-order companies, and insurance agencies and brokerages.

Higher education and governments have also borne the brunt of these attacks, with adversaries frequently leveraging abusable infrastructure in their campaigns.

The report highlights that open proxies were consistently used in HTTP/S application-layer DDoS attacks against higher education and national government targets, while DDoS botnets featured prominently in attacks against state and local governments.

Furthermore, the report underscores the persistence of DDoS sources, with a relatively small number of nodes responsible for a disproportionate number of attacks. These attackers exhibit a low IP address churn rate of only 10 percent, often reusing abusable infrastructures in their onslaughts.

In a digital landscape fraught with escalating cyber threats, NETSCOUT’s comprehensive report serves as a vital resource for businesses and governments seeking to understand the relentless wave of DDoS attacks.

For more insights and information on NETSCOUT’s semi-annual DDoS Threat Intelligence Report, visit their interactive website. Real-time DDoS attack statistics, maps, and insights are available via Cyber Threat Horizon.

See also: Microsoft: UN treaty creates ‘ideal conditions’ for cybercrime

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with Digital Transformation Week.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *