oday released its 2018 NETSCOUT Threat Intelligence Report, offering globally scoped internet threat intelligence together with the analysis of their security research organization. The report covers the latest trends and activities from nation-state advanced persistent threat (APT) groups, crimeware operations and Distributed Denial of Service (DDoS) attack campaigns.
“ATLAS is a collaborative project with hundreds of service provider customers who have agreed to share anonymous traffic data equaling approximately one-third of all internet traffic. From this unique vantage point, NETSCOUT is ideally positioned to deliver intelligence about DDoS attacks, malware families and botnets that threaten Internet infrastructure and network availability,” said Hardik Modi, senior director, Threat Intelligence, NETSCOUT. “This report makes clear that threat actors are increasingly leveraging internet-scale threats, such as NotPetya, for targeted, highly selective campaigns.”
“NETSCOUT brings unique insights to the global threat landscape through their ATLAS infrastructure. While they’re best known for DDoS defense, the company has built an impressive security research organization that digs deep into malware campaigns and botnets at a global level, providing much needed context to the overall threat environment. By studying the infrastructure, the command and control, they’re gathering much of their intelligence straight from the source,” said Rob Ayoub, research director, Security Products program, IDC.
APT groups expand the scope
State-sponsored activity has developed to the point where campaigns and frameworks are discovered regularly for a broad tier of nations. Nation-state APT groups are also using internet-scale intrusions such as NotPetya, CCleaner, VPNFilter for targeted, highly selective campaigns.
Crimeware actors diversify attack methods
Inspired by 2017’s WannaCry attack, major crimeware groups are adopting self-propagation methods that allow their malware to spread faster and more easily. They are also increasingly focused on cryptocurrency mining.
DDoS attacks grow in volume
DDoS entered the terabit attack era in 2018, as the largest DDoS attack ever recorded at 1.7 Tbps. In the first half of 2018, there were 47 DDoS attacks greater than 300Gbps globally, versus only seven during the same period in 2017. Asia Pacific was heavily targeted, with 35 attacks greater than 300Gbps versus only five during the same period in 2017.