Key Attack Observations and Analysis from the First Half 2022


In the first half of 2022, the amount of DDoS (distributed denial of service) attacks increased by 75.6% compared to the second half of 2021, according to new Nexusguard research revealed in the DDoS Statistical Report for 1HY 2022.

While the total number of attacks did grow, the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes each decreased by 56% and 66.8%, respectively, during the same period. Notably, application attacks increased a whopping 330% over the second half of 2021 and amplification attacks increased by 106.7%.

Single-vector attacks represented 85% of all attacks globally in H1 2022. UDP (User Datagram Protocol) attacks, which quickly overwhelm the target defenses, and HTTPS Flood, which exhaust servers with valid HTTPS requests, were the two most predominant vectors.

Nearly four out of 10 (39.6%) attacks were UDP, an increase of 77.5% from H2 2021, and the two groups combined accounted for more than half (55.5%) of DDoS attacks globally.

UDP attacks frequently serve as a smokescreen to mask other malicious activities such as efforts to compromise personal identifiable information (PII) or the execution of malware or remote codes.

New to Nexusguard DDoS reports are statistics describing top reflected attack destinations. Reflection attacks spoof the IP address of the target, tricking it to believe it has received an authentic request, typically via UDP, to which the target responds.

Nearly three-quarters (74.6%) of all reflected attacks targeted organizations in Brazil and South Korea.

Within Europe, the United Kingdom received almost a quarter (24.6%) of all reflected attacks in that region while in the Middle East and Africa the Seychelles and Saudi Arabia combined, received more than half (55.5%).

Stealthy Bit-and-Piece attacks continue to plague ASN-level Communications Service Providers (CSPs) globally, especially internet service providers (ISPs). Stealthy Bit-and-Piece attacks continue to plague ASN-level Communications Service Providers (CSPs) globally, especially Internet service providers (ISPs).

While 81% of attacks globally were less than a single Gbps, Bit-and-Piece attacks by /24 networks registered minimum sizes of 0.0637 Gbps and a maximum of 123.72 Gbps.

By drip-feeding doses of junk traffic into a large IP pool, the traffic remains small enough to evade traditional threshold-based detection, but accumulates to be enough to clog and disable the target.

“Attackers came out of winter hibernation with never-before-seen levels of intent, showing an incredible increase of attacks in Q2 2022 alone and by June, reaching the highest first-half levels since 2018,” said Juniman Kasman, chief technology officer of Nexusguard. “We’ve expanded our DDoS reports to include data on reflected attack destinations and have separated Europe from the Middle East and Africa regions to provide organizations with even more information on DDoS attacks. The wide variability in attack types shown by our latest report demonstrates that companies must remain vigilant in protecting themselves against the risk of DDoS attacks.”

You can read the full report here.