2022 Global Threat Analysis Report

Radware’s 2022 Global Threat Analysis Report reviews the year’s most important cybersecurity events and provides detailed insights into the attack activity of 2022. The report leverages intelligence provided by Radware’s Threat Intelligence Team, and network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network and Threat Research team.

Contents

Executive Summary
Denial-of-Service Attack Activity
Attack Trends
Attack Sizes
Regions and Industries
The Americas
Europe, Middle East and Africa
Asia Pacific (APAC)
Attack Protocols and Applications
HTTPS Attack Vectors
HTTP Attack Vectors
DNS Attack Vectors
IPv6 Attack Vectors
Attack Vector Characterization
Attack Complexity
Network Scanning and Exploit Activity
Log4Shell
Web Application Attack Activity
Security Violations
Attacked Industries
Attacking Countries
Unsolicited Network Activity
Most Scanned and Attacked TCP Ports
Most Scanned and Attacked UDP Ports
Attacking Countries
Web Service Exploits
Top User Agents
Top HTTP Credentials
Top SSH Usernames
Appendix A
List of Figures
Tables
Methodology and Sources
About Radware
Editors
Executive Sponsors
Production

Executive Summary

During 2022, cybersecurity threats continued to evolve and become more sophisticated. Ransomware continued to be a major issue, with many organizations falling victim to these attacks. Cybercriminals increasingly targeted cloud infrastructure and remote workers. Social engineering attacks, such as phishing and business email compromise (BEC) scams, remained popular among attackers. Additionally, a number of high-profile data breaches resulted in the loss of sensitive personal and financial information. In response to these threats, organizations and governments stepped up their efforts to improve cybersecurity and protect against attacks.

Distributed Denial of Service (DDoS) attacks have been a common and growing threat for many years, causing significant disruption to organizations. In 2022, DDoS attacks continued to be a major issue. The cyber landscape was marked by a sharp increase in malicious activities and DDoS attacks, particularly targeting organizations in the financial, healthcare, and technology sectors. Radware’s Cloud DDoS Service recorded a 233% growth in blocked malicious events compared to the previous year, with the number of DDoS attacks growing by 150%. The total attack volume reached 4.44PB, a 32% increase from 2021. The largest recorded attack in 2022 was 1.46Tbps, a staggering 2.8 times larger than the largest attack recorded in 2021.

The frequency of attacks also saw a significant uptick, with organizations mitigating an average of 29.3 attacks per day in Q4 of 2022, a 3.5x increase compared to the previous year. EMEA was the most targeted region, with over half of all attacks aimed at organizations located in the region. The financial sector bore the brunt of the attacks globally, accounting for 52.6% of the overall attack activity. The technology sector also saw a significant share of attacks at 20.3%, with healthcare third at 10.5%.

DDoS Attack Trend Highlights

Number of malicious events blocked by Radware’s Cloud DDoS Service: 233%
Total attack volume in 2022: 4.44PB, an increase of 32%
1.5x: the number of DDoS attacks grew by 150% compared to 2021

The Americas saw a substantial increase in malicious activities, with a 328% growth in blocked malicious events and a 212% increase in DDoS attacks compared to 2021.
The largest attack recorded in 2022 in this region was 1.46Tbps, 6.8 times larger than the largest attack of 214Gbps recorded in 2021. The finance and healthcare sectors were the most targeted, with 31.5% and 23.9% of the overall attack activity, respectively.

In contrast, the EMEA region saw a decrease in attack volume of 44%. However, the frequency of attacks increased with organizations mitigating an average of 45 attacks per day in Q4 of 2022, a 4x increase compared to the previous year. The financial sector continued to be the most targeted, with 70.6% of the attack activity, followed by the technology sector at 16%.

The increase in cyberattacks in 2022 can be attributed to a number of geopolitical events that took place during the year. The ongoing tensions between major world powers led to an increase in state-sponsored cyberattacks and espionage activities. Additionally, the ongoing global shift towards digitalization and remote work due to the pandemic created new vulnerabilities for attackers to exploit.

Web application and API attacks grew exponentially throughout 2022, resulting in an increase of 128% compared to 2021, a significantly faster growth compared to the 88% growth in 2021. Predictable resource location attacks targeting the hidden content and functionality of web applications accounted for almost half of attack activity in 2022. Code injection and SQL injection attacks represented more than a quarter of web application attacks. Retail & wholesale trade, high tech and carriers represented 60% of all blocked web application attacks.

Overall, the threat landscape in 2022 was a complex and rapidly evolving one, requiring organizations to have a comprehensive security strategy in place to protect against the wide range of threats they faced.

Denial-of-Service Attack Activity

The total number of malicious events blocked by Radware’s Cloud DDoS Service in 2022 grew by 233%, compared to 2021.
The number of DDoS attacks grew by 150%. The total attack volume in 2022 was 4.44PB, an increase of 32% compared to 2021. The largest attack recorded in 2022 was 1.46Tbps, 2.8 times the largest attack of 520Gbps in 2021.

Figure 1: Malicious events, DDoS attacks, volume and largest attack, 2022 vs 2021 (panels: Number of Malicious Events, Number of DDoS Attacks, Attack Volume, Largest Attack)

Attack Trends

Throughout the year, the number of DDoS attacks per customer kept increasing every quarter, from less than 1,000 attacks per quarter in Q4 of 2021 to over 2,500 attacks per customer in Q4 of 2022. By the end of 2022, the average number of attacks mitigated per customer increased by over three times. For comparison, in 2021 the average number of attacks per customer in Q4 of 2020 was slightly higher than the number of attacks in Q4 of 2021. The busiest quarter of 2021 (Q2) saw a rise of almost 50% in the average number of attacks per customer.

Figure 2: Number of attacks per quarter, normalized per customer (chart: DDoS Attacks per Customer, 20Q4 to 22Q4)

The trend for the number of attacks to increase is significant and concerning. To put this in perspective, the number of attacks a customer witnessed per day at the end of 2021 was 8.4[1], compared to 29.3 attacks on average per day by the end of 2022, a 3.5x increase.

Figure 3: Yearly attack volume per customer (chart: Attack Volume per Customer, 2021 and 2022)

The attack volume per customer did not grow at the same rate as the number of attacks. The average total attack volume per customer in 2022 was 15TB, a modest increase of 14.3% compared to 2021.

[1] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31).

Attack Sizes

To compare the characteristics of attacks recorded in 2022 and 2021, these were divided into buckets by attack size bracket. An upper and lower attack size defines each bracket and the attacks in the bucket.

Figure 4: Number of attacks by attack size bracket
Figure 5: Change in number of attacks per attack size bracket for 2022 compared to 2021
(x-axis for both: Attack Size [Gbps], brackets [0,1), [1,10), [10,50), [50,100), [100,250), [250,500), >500)

Compared to 2021, in 2022 there was a significant increase in the number of attacks below 10Gbps, and a moderate but not insignificant increase in attacks above 250Gbps. The average size of attacks above 500Gbps was significantly larger in 2022.

Attacks in 2022 were pushed out from the center to both ends of the attack size spectrum. The increase in attacks was most significant at the lower end of the attack size spectrum. In the center of the attack size spectrum, there was a moderate decrease in attacks, while the higher end of the spectrum showed a moderate increase.

On average, smaller attacks tend to be shorter. Attacks below 1Gbps last on average 4 minutes, while attacks between 50 and 100Gbps last on average 8.67 hours. The longest attacks seem to gather between 100 and 250Gbps, where on average the attacks lasted 66 hours, or 2.75 days.

Figure 6: Average attack duration per attack size
Figure 7: Average attack size per size bracket
(x-axis for both: Attack Size [Gbps])

While the increase in the higher end of the attack size spectrum was less significant, the attacks did hit significantly harder compared to the biggest attacks in 2021.

Regions and Industries

In 2022, more than half of the attacks targeted organizations in EMEA. The Americas accounted for 35% of the attacks while 7.11% of the attacks targeted APAC organizations.

Figure 8: Blocked attacks per region for 2022

The most significant attack volumes targeted customers in the Americas, accounting for 84% of the total attack volume. EMEA customers, representing more than half of the number of attacks, accounted for 15.2% of the total attack volume.

Figure 9: Blocked attack volume per region for 2022

Finance was the most attacked industry in 2022, with 52.6% of the overall attack activity and a frequency of attacks growing a modest 2.4% compared to 2021. Technology represented 20.3% of the overall attack activity and suffered nearly the same number of attacks (+0.5%) compared to 2021. Healthcare was the third most attacked industry with 10.5% of attacks and was slightly more frequently the target of attackers (+1%) compared to 2021. Other industries under attack in 2022 included communications (4.47%), government (3.9%) and research & education (2.28%).

Figure 10: Most attacked industries in 2022

Industrials were attacked 72% more often in 2022 compared to 2021. Energy and research & education were the second and third most significant growth industries when comparing attacks in 2022 to 2021.

Figure 11: Attack growth per industry in 2022, compared to 2021

The Americas

In 2022, the number of malicious events targeting customers in the Americas blocked by Radware’s Cloud DDoS Service grew by 328%, compared to 2021.
The number of DDoS attacks grew by 212%. The total attack volume in 2022 increased by 110% compared to 2021. The largest attack recorded in 2022 was 1.46Tbps, 6.8 times greater than the largest 2021 attack of 214Gbps.

Figure 12: Malicious events, DDoS attacks, attack volume and largest attack, 2022 vs 2021, The Americas (panels: Number of malicious events, Number of DDoS attacks, Attack Volume, Largest Attack)

The average number of attacks per customer in the Americas ended 2021 with 603 attacks per quarter and grew steeply to 1,420 attacks in Q1 of 2022. The number of attacks per customer peaked at 2,142 per quarter in Q3 and ended with 1,831 attacks per customer per quarter in Q4 of 2022. On average, organizations located in the Americas mitigated 20.1 attacks per day in Q4 of 2022,[2] a 3x increase compared to 6.6 attacks per day in Q4 of 2021.

The average yearly attack volume blocked by Americas organizations increased by 88.1% in 2022 to an average of 34.44TB per customer.

Figure 13: Average number of attacks per Americas organization, per quarter (chart: DDoS Attacks per Customer - Americas, 20Q4 to 22Q4)

[2] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31).

Finance was the most attacked industry in the Americas in 2022, with 31.5% of attack activity, and the frequency of attacks growing in line with global growth of 2.4% compared to 2021. Healthcare represented 23.9% of the attack activity, a slight increase of 1.7% compared to 2021. Technology was the third most attacked industry in the Americas with 17.2% of the attacks, slightly more frequently the target of attackers (+1.5%) compared to 2021. Other industries attacked in the Americas in 2022 included communications (12.3%), research & education (4.41%) and government (2.75%).

Figure 14: Average yearly attack volume for Americas organizations (chart: Attack Volume per Customer - Americas, 2021 and 2022)
Figure 15: Most attacked industries in the Americas in 2022 (chart labels: Finance 31.5%, Healthcare 23.9%, Technology 17.2%, Other 7.96%, Research & Education 4.41%, Government 2.75%)

Industrials were attacked 72% more often in 2022 compared to 2021. Research & education and government were the second and third most significant growth industries when comparing attacks in 2022 to 2021.

Figure 16: Attack growth per industry in the Americas in 2022, compared to 2021

Europe, Middle East and Africa

In 2022, the number of malicious events targeting EMEA customers blocked by Radware’s Cloud DDoS Service grew by 158%, compared to 2021.
The number of DDoS attacks grew by 140%. The total attack volume in 2022 decreased by 44% compared to 2021. The largest attack recorded in 2022 was 518.7Gbps, similar in size to the largest 2021 attack of 519.6Gbps.

Figure 17: Malicious events, DDoS attacks, attack volume and largest attack, 2022 vs 2021, EMEA (panels: Number of malicious events, Number of DDoS attacks, Attack Volume, Largest Attack)

The average number of attacks per customer in EMEA almost tripled between the first and last quarter of the year. In Q4 of 2021, EMEA organizations mitigated on average 1,029 attacks or 11.3 attacks per day[3]. In Q4 of 2022, EMEA organizations mitigated on average 4,093 attacks, or 45 attacks per day, a 4x increase compared to Q4 of 2021.

In 2022, the average yearly attack volume blocked by organizations in EMEA decreased by 49.5% to an average of 6.50TB per customer.

Figure 18: Average number of attacks per EMEA organization, per quarter (chart: DDoS Attacks per Customer - EMEA, 20Q4 to 22Q4)

[3] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31).

In 2022, finance was the most attacked industry in EMEA with 70.6% of the attack activity. This represents a 2.6% rise year-over-year, a slightly faster growth compared to the global rate of 2.4%. Technology represented 16% of the attack activity, a slight decrease of 0.1% compared to 2021. Government was the third most attacked industry in EMEA with 4.09% of the attacks and the fastest growing industry with 11% more attacks compared to 2021. Other notable industries in 2022 included healthcare (3.32%), research & education (1.28%) and telecom (1.13%). E-commerce and healthcare were the second and third most significant growth industries when comparing attacks in 2022 to 2021.

Figure 19: Average yearly attack volume for EMEA organizations (chart: Attack Volume per Customer - EMEA, 2021 and 2022)
Figure 20: Most attacked industries in EMEA in 2022 (chart labels: Finance 70.6%, Technology 16%, Other 3.6%, Research & Education 1.28%, Telecom 1.13%)
Figure 21: Attack growth per industry in EMEA in 2022 compared to 2021

Asia Pacific (APAC)

In 2022, the number of malicious events targeting APAC customers blocked by Radware’s Cloud DDoS Service grew by 207% compared to 2021.
The number of DDoS attacks grew by 51%. The largest attack recorded in 2022 was 74.1Gbps, a third the size of the largest attack of 228Gbps in 2021.

Figure 22: Malicious events, DDoS attacks and largest attack, 2022 vs 2021, APAC (panels: Number of malicious events, Number of DDoS attacks, Largest Attack)

The average number of attacks per APAC organization started 2022 slightly above Q4 of 2021. The average number reached a minimum of 215 attacks per quarter in Q2 and swiftly rose to an average of 1,110 attacks per organization in Q4 of 2022. In Q4 of 2021, APAC organizations mitigated on average 405 attacks, or 4.5 attacks per day[4]. In Q4 of 2022, APAC organizations mitigated on average 1,110 attacks, or 12.2 attacks per day, a 2.7x increase compared to Q4 of 2021.

Figure 23: Average number of attacks per APAC organization, per quarter (chart: DDoS Attacks per Customer - APAC, 20Q4 to 22Q4)

[4] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31).

Technology was the most attacked industry in APAC in 2022, with 70.2% of the APAC attack activity representing a growth of 9.9% year-over-year, a significantly faster growth compared to the global 0.5%. Finance represented 9.35% of the attack activity, a slight decrease of 0.4% compared to 2021. Government was the third most attacked industry in APAC with 7.92% of attacks, slightly up by 0.4% compared to 2021. Other industries attacked in 2022 included retail (3.46%), healthcare (2.61%) and communications (2.3%).

Figure 25: Most attacked industries in APAC in 2022

In 2022, APAC organizations in the manufacturing and technology industries were attacked 10% more often compared to 2021. Communications and retail were the third and fourth most significant growth industries when comparing attacks in 2022 to those in 2021.

Figure 26: Attack growth per industry in APAC in 2022, compared to 2021

Attack Protocols and Applications

User Datagram Protocol (UDP) is by far the most leveraged protocol in DDoS attacks. Because of its stateless character, UDP allows legitimate services to be abused to send large volumes of unsolicited traffic to victims through reflection and amplification attacks. TCP SYN and out-of-state packets can be leveraged for volumetric attacks, but TCP is typically the most used protocol for exhausting resources on devices and servers.

Figure 27: Protocols leveraged by attacks in 2022 (chart: Protocols by Packets)
UDP 84.6%
TCP 15.1%
ICMP 0.267%
IP 0.078%
GGP 0.00015%
IGMP 0.00000831%

Figure 28: Top targeted applications by volume (chart: Top Applications by Volume)
HTTP 36.5%
DNS 26.4%
HTTPS 26%
NTP 5.75%
Memcached 2.92%
SIP 1.52%
Chargen 0.444%
SSDP 0.327%
DHDiscover 0.109%
SMTP 0.0531%

HTTP, DNS, HTTPS and NTP were the most targeted applications.

Online applications were the most obvious targets for attacks in 2022, representing 62.5% of the targeted applications. DNS represented 26.4% of the targeted applications, unsurprising because DNS is an important way of targeting online applications. If the name of a web resource cannot be resolved to an IP address through DNS, the resource will be inaccessible and appear offline even though the service is available and able to process new requests and transactions.

By a significant margin, the top attack vector was UDP flood (78.1%), followed by UDP fragment flood (5.73%). TCP attacks through several variations of flag attacks completed the vectors above 1% comprising TCP SYN (5.53%), TCP Out-of-State (5.27%), TCP SYN-ACK (2.27%) and TCP RST (1.59%) floods.

Figure 29: Top attack vectors by packets (chart: Top Attack Vectors by Packets)
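Added example (not from the Radware report): one way a defender could break traffic toward a protected target down into the vector categories named above, using a minimal TCP session table. The packet field names, the constructed sample packets and the working definition of out-of-state (a non-SYN segment that matches no tracked handshake) are assumptions.

```python
from collections import Counter

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

def vector_breakdown(packets):
    """Count packets per vector for an iterable of packet summaries."""
    sessions = {}      # initiator 4-tuple -> "syn" | "synack" | "est"
    counts = Counter()
    for p in packets:
        if p["proto"] == "udp":
            counts["UDP Fragment" if p.get("frag") else "UDP"] += 1
            continue
        if p["proto"] != "tcp":
            counts["Other"] += 1
            continue
        flags = p["flags"]
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if flags & RST:
            key = fwd if fwd in sessions else rev if rev in sessions else None
            if key is None:
                counts["TCP RST"] += 1          # reset for a flow never seen
            else:
                del sessions[key]
                counts["in-state"] += 1
        elif flags & SYN and flags & ACK:
            if sessions.get(rev) == "syn":      # answers a SYN we tracked
                sessions[rev] = "synack"
                counts["in-state"] += 1
            else:
                counts["TCP SYN-ACK"] += 1
        elif flags & SYN:
            sessions[fwd] = "syn"
            counts["TCP SYN"] += 1              # provisional: still half-open
        elif sessions.get(fwd) == "synack":     # final ACK of the handshake
            sessions[fwd] = "est"
            counts["TCP SYN"] -= 1              # that SYN completed normally
            counts["in-state"] += 2
        elif "est" in (sessions.get(fwd), sessions.get(rev)):
            counts["in-state"] += 1
        else:
            counts["TCP Out-of-State"] += 1     # ACK/FIN/data, no handshake
    return counts

def vector_shares(counts):
    """Percentage of non-in-state packets per vector, one decimal place."""
    flagged = {k: v for k, v in counts.items() if k != "in-state" and v > 0}
    total = sum(flagged.values())
    return {k: round(100 * v / total, 1) for k, v in flagged.items()} if total else {}

def _tcp(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}

V = "203.0.113.10"   # constructed target address (documentation range)
SAMPLE = (           # constructed packets, not captured traffic
    [{"proto": "udp", "src": f"198.51.100.{i}", "sport": 53, "dst": V, "dport": 4444}
     for i in range(3)]
    + [{"proto": "udp", "src": "198.51.100.9", "sport": 0, "dst": V, "dport": 0, "frag": True}]
    # one complete handshake plus a data segment from the server
    + [_tcp("192.0.2.1", 40000, V, 443, SYN), _tcp(V, 443, "192.0.2.1", 40000, SYN | ACK),
       _tcp("192.0.2.1", 40000, V, 443, ACK), _tcp(V, 443, "192.0.2.1", 40000, ACK)]
    + [_tcp(f"192.0.2.{i}", 50000 + i, V, 443, SYN) for i in (2, 3)]   # never completed
    + [_tcp("192.0.2.4", 80, V, 51000, SYN | ACK), _tcp("192.0.2.5", 80, V, 51001, RST)]
    + [_tcp("192.0.2.6", 52000, V, 443, ACK), _tcp("192.0.2.7", 52001, V, 443, FIN | ACK)]
)

if __name__ == "__main__":
    print(vector_shares(vector_breakdown(SAMPLE)))
```

A production mitigation device would also age out half-open entries and apply rate thresholds before calling any category a flood; the sketch only shows how state tracking separates the TCP flag vectors from legitimate sessions.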
