According to a report from NETSCOUT on threat intelligence, 6,019,888 global distributed denial-of-service (DDoS) attacks took place in the first half of 2022.
DDoS attacks can overload a target or its surrounding infrastructure with a flood of internet traffic, disrupting the routine traffic of a targeted server, service or network.
Crucial business software that companies rely on for their day-to-day operations, such as customer relationship management (CRM), sales force automation and email, is a particular target, according to the report, posing a serious danger to business continuity and resulting in downtime and reputational damage.
NETSCOUT highlights that DDoS attacks are evolving, becoming increasingly difficult to detect as they mimic legitimate traffic and require a high level of skill and technology for defenders to identify them as attacks.
The report emphasizes that attackers are increasingly using adaptive DDoS to degrade network availability, which involves adversaries conducting in-depth pre-attack reconnaissance to identify specific service delivery chain components to target. For instance, state exhaustion attacks, which accounted for four of the top five attack vectors this year, target stateful devices such as firewalls and virtual private network (VPN) concentrators, which are critical components of the security stack.
These are desirable targets because attacks against them can be lower in scale and crafted to avoid defenses intended to counter other threats, reducing the number of administrative boundaries that DDoS attack traffic must cross. This in turn leaves fewer opportunities to detect and counteract the attack.
As attack methods evolve, network operators must reflect this in their defenses to overcome new challenges, says NETSCOUT. Because attacks change constantly, essential defenses must be capable not just of managing volumetric attacks, but also of identifying attacks specifically designed to evade recognized security mechanisms.
The present threat landscape necessitates an agile security model – one that can work both inside and outside the network and adapts to changing attack paths and methodologies. Therefore, a hybrid strategy is the best practice for securing networks. Protection strategies of the past will suffice in some situations, but the new attack environment is based on techniques like application-layer attacks and TCP state exhaustion that are deliberately tailored to bypass those defenses.
Additionally, it is crucial to not only react rapidly to attacks that miss the cloud solution and target the network edge or an internet-facing service, but also swiftly update defenses to adjust to slight changes in adaptive DDoS onsite.
The report concludes that by implementing adaptive DDoS defenses across all of their network edges, operators can defeat DDoS attack traffic as it enters – or even before it coalesces into a large-scale attack.