Issue 7: Findings from 1H 2021

NETSCOUT Threat Intelligence Report

The unprecedented events of 2020 led to an enormous and extended upswing in innovation for threat actors. And it's not going away anytime soon.

Explore Interactive Report Explore Interactive Report

The Long Tail of Attacker Innovation

DDoS attacks continue to threaten organizations worldwide, as adversaries unleash innovative new attack methods against an ever-expanding target set.



Attackers launched a record-breaking number of attacks in 1H 2021, an 11 percent increase year over year.



On average, multivector attacks using 20-plus vectors spiked by 106 percent, including a record-breaking 31-vector attack on an organization in Germany.



Tracking global botnet clusters and density zones shines a light on how malicious adversaries abuse these botnets to launch DDoS attacks.

Black Hats Let the Good Times Roll

The breadth and depth of opportunities to exploit our increasing online dependence has presented adversaries with an embarrassment of potential riches.

number seven outline with blue orb behind

7 Attack Vectors in 7 Months

Threat actors exploited or weaponized at least seven newer reflection/amplification DDoS attack vectors within the past seven months, igniting an explosion of new UDP-based attack modes.

target ring outlines with 3 arrows and green orb behind

Adaptive DDoS Attacks

Adversaries developed new adaptive DDoS attack strategies that evade traditional mitigation techniques. Threat actors custom-tailor each attack to bypass multiple layers of DDoS mitigation and protection, both cloud-based and on premises.

two chain links outline with red and pink orb behind

Connectivity Supply Chain Under Attack

Threat actors are upping attacks on vital components that make the internet tick, such as DNS servers, virtual private network (VPN) concentrators and services, and internet exchanges. At risk: every internet user’s ability to get online.

skull outline with green orb behind

Triple Extortion: A Ransomware Trifecta

Ransomware gangs added triple-extortion attacks to their criminal service offerings. By combining data encryption, data theft, and DDoS attacks, threat actors hit a ransomware trifecta designed to increase the possibility of payment.

envelope with exclamation on top outline with red orb behind

ISPs Face DDoS Extortion Attacks

Threat actors launched the self-dubbed Fancy Lazarus DDoS extortion campaign that primarily targets authoritative DNS servers for internet service providers (ISPs). Meanwhile, the more broadly based Lazarus Bear Armada (LBA) DDoS extortion campaign continues to target victims across a range of industries.

robot with mad eyes icon and blue orb behind

Botnet Exposé

NETSCOUT analysis pulls back the curtain to detail how black hats leverage fast-growing botnets to launch DDoS attacks.

From adaptive DDoS attack strategies to an explosion of new DDoS attack vectors, threat actors thrive on rapid innovation. Here's the latest on our constantly changing threat landscape.