
Threat intelligence report: Evolution of internet scale dangers

Today, attackers can release enormous terabit-per-second-scale DDoS attacks. They routinely harness hundreds of thousands of Internet of Things (IoT) devices to launch attacks against specific targets that may be oceans and continents away. Further, state-sponsored Advanced Persistent Threat (APT) groups representing a broad range of nation-states are seen as impactful, while traditional crimeware activity continues to proliferate. NETSCOUT Arbor has actively monitored this space since 2007, when the company launched its Active Threat Level Analysis System (ATLAS®), which collects, analyzes, prioritizes, and disseminates data on emerging threats to enable the generation of actionable intelligence for consumption by people and systems alike.


NETSCOUT SYSTEMS today released its 2018 NETSCOUT Threat Intelligence Report, offering globally scoped internet threat intelligence together with the analysis of its security research organization. The report covers the latest trends and activities from nation-state advanced persistent threat (APT) groups, crimeware operations and Distributed Denial of Service (DDoS) attack campaigns.

“ATLAS is a collaborative project with hundreds of service provider customers who have agreed to share anonymous traffic data equaling approximately one-third of all internet traffic. From this unique vantage point, NETSCOUT is ideally positioned to deliver intelligence about DDoS attacks, malware families and botnets that threaten Internet infrastructure and network availability,” said Hardik Modi, senior director, Threat Intelligence, NETSCOUT. “This report makes clear that threat actors are increasingly leveraging internet-scale threats, such as NotPetya, for targeted, highly selective campaigns.”


“NETSCOUT brings unique insights to the global threat landscape through their ATLAS infrastructure. While they’re best known for DDoS defense, the company has built an impressive security research organization that digs deep into malware campaigns and botnets at a global level, providing much-needed context to the overall threat environment. By studying the infrastructure, the command and control, they’re gathering much of their intelligence straight from the source,” said Rob Ayoub, research director, Security Products program, IDC.

Key highlights:

APT groups expand scope

-State-sponsored activity has developed to the point where campaigns and frameworks are discovered regularly for a broad tier of nations. Nation-state APT groups are also using internet-scale intrusions such as NotPetya, CCleaner, and VPNFilter for targeted, highly selective campaigns.

Crimeware actors diversify attack methods

-Inspired by 2017’s WannaCry attack, major crimeware groups are adopting self-propagation methods that allow their malware to spread faster and more easily. They are also increasingly focused on cryptocurrency mining.


DDoS attacks grow in volume

-DDoS entered the terabit attack era in 2018, as NETSCOUT Arbor successfully mitigated the largest DDoS attack ever recorded at 1.7 Tbps.

-In the first half of 2018, there were 47 DDoS attacks greater than 300Gbps globally, versus only seven during the same period in 2017. Asia Pacific was heavily targeted, with 35 attacks greater than 300Gbps versus only five during the same period in 2017.
