TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

2022 Application Protection Report: DDoS Attack Trends

2022-03-16 · Read original ↗

ATT&CK techniques detected

36 predictions
T1498Network Denial of Service
89%
“feel that this can result in misleading figures, which may cause incorrect threat assessments to be made. for example, comparing in isolation the number of snmp reflection attacks from 2020 to 2021 we found a growth of 129 % — by far the largest growth in any of the ddos attack t…”
T1498Network Denial of Service
89%
“reported that administrators of online illegal marketplaces have improved their own defenses to defend against ddos attacks from competitors. executive summary - silverline mitigated its largest - ever ddos attack, which peaked at just under 1. 4 tbps, almost 5. 5 times larger th…”
T1498Network Denial of Service
88%
“motivation behind ddos attacks remains varied. nation - states continue to use these to taunt political adversaries and attack their critical national infrastructure, while students take out petty grudges against educational institutions. organized crime groups make widespread us…”
T1498Network Denial of Service
86%
“2022 application protection report : ddos attack trends introduction distributed denial - of - service ( ddos ) attacks in 2021 showed some fascinating developments. analysis of attack data collected by f5 ’ s silverline team, which provides managed ddos protection services, amon…”
T1498Network Denial of Service
83%
“although, as observed in figure 10, the frequency of attacks against bfsi has been growing steadily over the past two years. not all sectors have seen such growth, however. the technology sector has seen a steady decline in the quantity of attacks, and the education sector contin…”
T1498Network Denial of Service
82%
“that sends more traffic to the victim than their network bandwidth can cope with. combined with udp reflection attacks, which mask the attackers ’ real ip addresses, volumetric denial of service will continue to be the go - to ddos attack for many threat actors. but while volumet…”
T1498Network Denial of Service
82%
“attack data captured by our partner effluxio. what we discovered was a fascinating attack campaign targeting a well - known consume router brand. this research is ongoing and will feature in an upcoming article. conclusions and considerations despite a small drop in the number of…”
T1498Network Denial of Service
81%
“with only 17 % of attacks using tcp. this changed considerably in 2021, with tcp being used for 27 % of attacks. this correlates with more complex protocol and application ddos attacks ( endpoint denial of service t1499 ), which often need the stateful tcp protocol. in 2021, 27 %…”
T1498Network Denial of Service
80%
“##labs. com to its ip address, 107. 162. 154. 83. when evaluating the most common ddos attack types and how they change over time, it is important to review both the current most common types as well as how they ’ ve changed. reviewing only the changes over the past year may lead…”
T1498Network Denial of Service
80%
“silverline observed and mitigated the largest attack it had ever seen ( see figure 4 ). the onslaught, targeting an isp / hosting customer, lasted just four minutes and reached its maximum attack bandwidth of almost 1. 4 tbps in only 1. 5 minutes. figure 4. graph of ddos attack t…”
T1498Network Denial of Service
78%
“& ck framework in an attempt to present findings and conclusions in a way that is consistent within our own body of work and that also allows for simple comparisons with other research. 2 to this end, this report will include att & ck technique ids to allow for easy cross - refer…”
T1498Network Denial of Service
76%
“attackers were targeting as many points in the application stack as possible : dns reflection to consume the network bandwidth and https gets as an attempt to overwhelm the application servers. multivectored attacks like these are common. the more vectors used, the more technique…”
T1498Network Denial of Service
73%
“and reached its maximum attack bandwidth of almost 1. 4 tbps in only 1. 5 minutes. the geographic location of attacking ip addresses, or target ip addresses, is largely irrelevant today. attackers happily compromise vulnerable devices wherever they are located in the world, and d…”
T1498.001Direct Network Flood
70%
“silverline observed and mitigated the largest attack it had ever seen ( see figure 4 ). the onslaught, targeting an isp / hosting customer, lasted just four minutes and reached its maximum attack bandwidth of almost 1. 4 tbps in only 1. 5 minutes. figure 4. graph of ddos attack t…”
T1498.001Direct Network Flood
68%
“and reached its maximum attack bandwidth of almost 1. 4 tbps in only 1. 5 minutes. the geographic location of attacking ip addresses, or target ip addresses, is largely irrelevant today. attackers happily compromise vulnerable devices wherever they are located in the world, and d…”
T1498.001Direct Network Flood
66%
“attack data captured by our partner effluxio. what we discovered was a fascinating attack campaign targeting a well - known consume router brand. this research is ongoing and will feature in an upcoming article. conclusions and considerations despite a small drop in the number of…”
T1498.001Direct Network Flood
53%
“reported that administrators of online illegal marketplaces have improved their own defenses to defend against ddos attacks from competitors. executive summary - silverline mitigated its largest - ever ddos attack, which peaked at just under 1. 4 tbps, almost 5. 5 times larger th…”
T1498.001Direct Network Flood
52%
“2022 application protection report : ddos attack trends introduction distributed denial - of - service ( ddos ) attacks in 2021 showed some fascinating developments. analysis of attack data collected by f5 ’ s silverline team, which provides managed ddos protection services, amon…”
T1499Endpoint Denial of Service
49%
“motivation behind ddos attacks remains varied. nation - states continue to use these to taunt political adversaries and attack their critical national infrastructure, while students take out petty grudges against educational institutions. organized crime groups make widespread us…”
T1498.001Direct Network Flood
49%
“feel that this can result in misleading figures, which may cause incorrect threat assessments to be made. for example, comparing in isolation the number of snmp reflection attacks from 2020 to 2021 we found a growth of 129 % — by far the largest growth in any of the ddos attack t…”
T1498.001Direct Network Flood
48%
“motivation behind ddos attacks remains varied. nation - states continue to use these to taunt political adversaries and attack their critical national infrastructure, while students take out petty grudges against educational institutions. organized crime groups make widespread us…”
T1498.001Direct Network Flood
46%
“& ck framework in an attempt to present findings and conclusions in a way that is consistent within our own body of work and that also allows for simple comparisons with other research. 2 to this end, this report will include att & ck technique ids to allow for easy cross - refer…”
T1499Endpoint Denial of Service
45%
“attack data captured by our partner effluxio. what we discovered was a fascinating attack campaign targeting a well - known consume router brand. this research is ongoing and will feature in an upcoming article. conclusions and considerations despite a small drop in the number of…”
T1498.001Direct Network Flood
45%
“although, as observed in figure 10, the frequency of attacks against bfsi has been growing steadily over the past two years. not all sectors have seen such growth, however. the technology sector has seen a steady decline in the quantity of attacks, and the education sector contin…”
T1498.001Direct Network Flood
44%
“that sends more traffic to the victim than their network bandwidth can cope with. combined with udp reflection attacks, which mask the attackers ’ real ip addresses, volumetric denial of service will continue to be the go - to ddos attack for many threat actors. but while volumet…”
T1498Network Denial of Service
44%
“per industry sector in 2021. largest attacks by industry as well as suffering the greatest number of attacks, the bfsi sector is also the target of some of the largest attacks of 2021. while the average attack size for bfsi in 2021 was 13 gbps, the sector ’ s largest attack peake…”
T1499Endpoint Denial of Service
44%
“2022 application protection report : ddos attack trends introduction distributed denial - of - service ( ddos ) attacks in 2021 showed some fascinating developments. analysis of attack data collected by f5 ’ s silverline team, which provides managed ddos protection services, amon…”
T1498.001Direct Network Flood
43%
“per industry sector in 2021. largest attacks by industry as well as suffering the greatest number of attacks, the bfsi sector is also the target of some of the largest attacks of 2021. while the average attack size for bfsi in 2021 was 13 gbps, the sector ’ s largest attack peake…”
T1498Network Denial of Service
40%
“ddos scrubbing service, or hybrid. - use both network and web application firewalls. - use antivirus solutions to curb malware infections. - use a network - based intrusion - detection system. - apply patches promptly. - block traffic with spoofed source ip addresses. - use rate …”
T1498.001Direct Network Flood
39%
“##labs. com to its ip address, 107. 162. 154. 83. when evaluating the most common ddos attack types and how they change over time, it is important to review both the current most common types as well as how they ’ ve changed. reviewing only the changes over the past year may lead…”
T1499Endpoint Denial of Service
38%
“reported that administrators of online illegal marketplaces have improved their own defenses to defend against ddos attacks from competitors. executive summary - silverline mitigated its largest - ever ddos attack, which peaked at just under 1. 4 tbps, almost 5. 5 times larger th…”
T1498.001Direct Network Flood
37%
“ddos scrubbing service, or hybrid. - use both network and web application firewalls. - use antivirus solutions to curb malware infections. - use a network - based intrusion - detection system. - apply patches promptly. - block traffic with spoofed source ip addresses. - use rate …”
T1499Endpoint Denial of Service
37%
“although, as observed in figure 10, the frequency of attacks against bfsi has been growing steadily over the past two years. not all sectors have seen such growth, however. the technology sector has seen a steady decline in the quantity of attacks, and the education sector contin…”
T1499Endpoint Denial of Service
33%
“feel that this can result in misleading figures, which may cause incorrect threat assessments to be made. for example, comparing in isolation the number of snmp reflection attacks from 2020 to 2021 we found a growth of 129 % — by far the largest growth in any of the ddos attack t…”
T1499Endpoint Denial of Service
32%
“that sends more traffic to the victim than their network bandwidth can cope with. combined with udp reflection attacks, which mask the attackers ’ real ip addresses, volumetric denial of service will continue to be the go - to ddos attack for many threat actors. but while volumet…”
T1499Endpoint Denial of Service
30%
“silverline observed and mitigated the largest attack it had ever seen ( see figure 4 ). the onslaught, targeting an isp / hosting customer, lasted just four minutes and reached its maximum attack bandwidth of almost 1. 4 tbps in only 1. 5 minutes. figure 4. graph of ddos attack t…”

Summary

Distributed denial-of-service attacks soared in complexity and size during 2021. While the overall number of DDoS attacks declined marginally compared with 2020, the F5 Silverline team saw the largest attack in 2021 peak at nearly 1.4 Tbps, 5.5 times larger than the largest attack in 2020.