Radware's 2022 Global Threat Analysis Report reviews the year's most important cybersecurity events and provides detailed insights into the attack activity of 2022. The report leverages intelligence provided by Radware's Threat Intelligence Team, and network and application attack activity sourced from Radware's Cloud and Managed Services, Global Deception Network and Threat Research team.

2022 Global Threat Analysis Report

Contents

Executive Summary
Denial-of-Service Attack Activity
Attack Trends
Attack Sizes
Regions and Industries
The Americas
Europe, Middle East and Africa
Asia Pacific (APAC)
Attack Protocols and Applications
HTTPS Attack Vectors
HTTP Attack Vectors
DNS Attack Vectors
IPv6 Attack Vectors
Attack Vector Characterization
Attack Complexity
Network Scanning and Exploit Activity
Log4Shell
Web Application Attack Activity
Security Violations
Attacked Industries
Attacking Countries
Unsolicited Network Activity
Most Scanned and Attacked TCP Ports
Most Scanned and Attacked UDP Ports
Attacking Countries
Web Service Exploits
Top User Agents
Top HTTP Credentials
Top SSH Usernames
Appendix A
List of Figures
Tables
Methodology and Sources
About Radware
Editors
Executive Sponsors
Production

Executive Summary

During 2022, cybersecurity threats continued to evolve and become more sophisticated. Ransomware continued to be a major issue, with many organizations falling victim to these attacks. Cybercriminals increasingly targeted cloud infrastructure and remote workers. Social engineering attacks, such as phishing and business email compromise (BEC) scams, remained popular among attackers. Additionally, a number of high-profile data breaches resulted in the loss of sensitive personal and financial information. In response to these threats, organizations and governments stepped up their efforts to improve cybersecurity and protect against attacks.

Distributed Denial of Service (DDoS) attacks have been a common and growing threat for many years, causing significant disruption to organizations. In 2022, DDoS attacks continued to be a major issue. The cyber landscape was marked by a sharp increase in malicious activities and DDoS attacks, particularly targeting organizations in the financial, healthcare, and technology sectors. Radware's Cloud DDoS Service recorded a 233% growth in blocked malicious events compared to the previous year, with the number of DDoS attacks growing by 150%. The total attack volume reached 4.44PB, a 32% increase from 2021. The largest recorded attack in 2022 was 1.46Tbps, a staggering 2.8 times larger than the largest attack
recorded in 2021. The frequency of attacks also saw a significant uptick, with organizations mitigating an average of 29.3 attacks per day in Q4 of 2022, a 3.5x increase compared to the previous year. EMEA was the most targeted region, with over half of all attacks aimed at organizations located in the region. The financial sector bore the brunt of the attacks globally, accounting for 52.6% of the overall attack activity. The technology sector also saw a significant share of attacks at 20.3%, with healthcare third at 10.5%.

DDoS Attack Trend Highlights
233%: Number of malicious events blocked by Radware's Cloud DDoS Service
1.5x: The number of DDoS attacks grew by 150%
4.44PB: Total attack volume in 2022, an increase of 32% compared to 2021

The Americas saw a substantial increase in malicious activities, with a 328% growth in blocked malicious events and a 212% increase in DDoS attacks compared to 2021. The largest attack recorded in 2022 in this region was 1.46Tbps, 6.8 times larger than the largest attack of 214Gbps recorded in 2021. The finance and healthcare sectors were the most targeted, with 31.5% and 23.9% of the overall attack activity, respectively.

In contrast, the EMEA region saw a decrease in attack volume of 44%. However, the frequency of attacks increased, with organizations mitigating an average of 45 attacks per day in Q4 of 2022, a 4x increase compared to the previous year. The financial sector continued to be the most targeted, with 70.6% of the attack activity, followed by the technology sector at 16%.

The increase in cyberattacks in 2022 can be attributed to a number of geopolitical events that took place during the year. The ongoing tensions between major world powers led to an increase in state-sponsored cyberattacks and espionage activities. Additionally, the ongoing global shift towards digitalization and remote work due to the pandemic created new vulnerabilities for attackers to exploit.

Web application and API attacks grew exponentially throughout 2022, resulting in an increase of 128% compared to 2021, a significantly faster growth compared to the 88% growth in 2021. Predictable resource location attacks targeting the hidden content and functionality of web applications accounted for almost half of attack activity in 2022. Code injection and SQL injection attacks represented more than a quarter of web application attacks. Retail & wholesale trade, high tech and carriers represented 60% of all blocked web application attacks.

Overall, the threat landscape in 2022 was a complex and rapidly evolving one, requiring organizations to have a comprehensive security strategy in place to protect against the wide range of threats they faced.

Denial-of-Service Attack Activity

The total number of malicious events blocked by Radware's Cloud DDoS Service in 2022 grew by 233%, compared to 2021. The number of DDoS attacks grew by 150%. The total attack volume in 2022 was 4.44PB, an increase of 32% compared to 2021. The largest attack recorded in 2022 was 1.46Tbps, 2.8 times the largest attack of 520Gbps in 2021.

Figure 1: Malicious events, DDoS attacks, volume and largest attack 2022 vs 2021

Attack Trends

Throughout the year, the number of DDoS attacks per customer kept increasing every quarter, from less than 1,000 attacks per quarter in Q4 of 2021 to over 2,500 attacks per customer in Q4 of 2022. By the end of 2022, the average number of attacks mitigated per customer increased by over three times. For comparison, in 2021 the average number of attacks per customer in Q4 of 2020 was slightly higher than the number of attacks in Q4 of 2021. The busiest quarter of 2021 (Q2) saw a rise of almost 50% in the average number of attacks per customer.

The trend for the number of attacks to increase is significant and concerning. To put this in perspective, the number of attacks a customer witnessed per day at the end of 2021 was 8.41, compared to 29.3 attacks on average per day by the end of 2022, a 3.5x increase.

The attack volume per customer did not grow at the same rate as the number of attacks. The average total attack volume per customer in 2022 was 15TB, a modest increase of 14.3% compared to 2021.

[1] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31)

Figure 2: Number of attacks per quarter, normalized per customer
Figure 3: Yearly attack volume per customer

Attack Sizes

To compare the characteristics of attacks recorded in 2022 and 2021, these were divided into buckets by attack size bracket. An upper and lower attack size defines each bracket and the attacks in the bucket. Compared to 2021, in 2022 there was a significant increase in the number of attacks below 10Gbps, and a moderate but not insignificant increase in attacks above 250Gbps. The average size of attacks above 500Gbps was significantly larger in 2022.

Attacks in 2022 were pushed out from the center to both ends of the attack size spectrum. The increase in attacks was most significant at the lower end of the attack size spectrum. In the center of the attack size spectrum, there was a moderate decrease in attacks, while the higher end of the spectrum showed a moderate increase.

On average, smaller attacks tend to be shorter. Attacks below 1Gbps last on average 4 minutes, while attacks between
50 and 100Gbps last on average 8.67 hours. The longest attacks seem to gather between 100 and 250Gbps, where on average the attacks lasted 66 hours, or 2.75 days.

While the increase in the higher end of the attack size spectrum was less significant, the attacks did hit significantly harder compared to the biggest attacks in 2021.

Figure 4: Number of attacks by attack size bracket
Figure 5: Change in number of attacks per attack size bracket for 2022 compared to 2021
Figure 6: Average attack duration per attack size. Average duration by attack size bracket (Gbps): [0,1) 4 mins; [1,10) 4.14 hours; [10,50) 7.12 hours; [50,100) 8.67 hours; [100,250) 66.0 hours; [250,500) 26.28 hours; 500+ 17.59 hours
Figure 7: Average attack size per size bracket

Regions and Industries

In 2022, more than half of the attacks targeted organizations in EMEA. The Americas accounted for 35% of the attacks while 7.11% of the attacks targeted APAC organizations. The most significant attack volumes targeted customers in
the Americas, accounting for 84% of the total attack volume. EMEA customers, representing more than half of the number of attacks, accounted for 15.2% of the total attack volume.

Finance was the most attacked industry in 2022, with 52.6% of the overall attack activity and a frequency of attacks growing a modest 2.4% compared to 2021. Technology represented 20.3% of the overall attack activity and suffered nearly the same number of attacks (+0.5%) compared to 2021. Healthcare was the third most attacked industry with 10.5% of attacks and was slightly more frequently the target of attackers (+1%) compared to 2021. Other industries under attack in 2022 included communications (4.47%), government (3.9%) and research & education (2.28%).

Industrials were attacked 72% more often in 2022 compared to 2021. Energy and research & education were the second and third most significant growth industries when comparing attacks in 2022 to 2021.

Figure 8: Blocked attacks per region for 2022
Figure 9: Blocked attack volume per region for 2022
Figure 10: Most attacked industries in 2022
Figure 11: Attack growth per industry in 2022, compared to 2021. Industrials +72%; Energy +22%; Research & Education +15%; Government +4.4%; Manufacturing +3.6%; Finance +2.4%; E-Commerce +2.0%; Transportation & Logistics +1.9%; Communications +1.7%; Healthcare +1.0%; Automotive +0.9%; Utilities +0.7%; Technology +0.5%; Telecom +0.3%; Retail -0.1%; Gaming -0.6%

The Americas

In 2022, the number of malicious events targeting customers in the Americas blocked by Radware's Cloud DDoS Service grew by 328%, compared to 2021. The number of DDoS attacks grew by
212%. The total attack volume in 2022 increased by 110% compared to 2021. The largest attack recorded in 2022 was 1.46Tbps, 6.8 times greater than the largest 2021 attack of 214Gbps.

Figure 12: Malicious events, DDoS attacks, attack volume and largest attack 2022 vs 2021, The Americas

The average number of attacks per customer in the Americas ended 2021 with 603 attacks per quarter and grew steeply to 1,420 attacks in Q1 of 2022. The number of attacks per customer peaked at 2,142 per quarter in Q3 and ended with 1,831 attacks per customer per quarter in Q4 of 2022. On average, organizations located in the Americas mitigated 20.1 attacks per day [2] in Q4 of 2022, a 3x increase compared to 6.6 attacks per day in Q4 of 2021.

The average yearly attack volume blocked by Americas organizations increased by 88.1% in 2022 to an average of 34.44TB per customer.

[2] To calculate the average number of attacks per day, the average number of attacks per quarter is divided by 91 (number of days in a quarter for 2 x 30 + 1 x 31)

Figure 13: Average number of attacks per Americas organization, per quarter

Finance was the most attacked industry in the Americas
in 2022, with 31.5% of attack activity, and the frequency of attacks growing in line with global growth of 2.4% compared to 2021. Healthcare represented 23.9% of the attack activity, a slight increase of 1.7% compared to 2021. Technology was the third most attacked industry in the Americas with 17.2% of the attacks, slightly more frequently the target of attackers (+1.5%) compared to 2021. Other industries attacked in the Americas in 2022 included communications (12.3%), research & education (4.41%) and government (2.75%).

Industrials were attacked 72% more often in 2022 compared to 2021. Research & education and government were the second and third most significant growth industries when comparing attacks in 2022 to 2021.

Figure 14: Average yearly attack volume for Americas organizations
Figure 15: Most attacked industries in the Americas in 2022. Finance 31.5%; Healthcare 23.9%; Technology 17.2%; Communications 12.3%; Other 7.96%; Research & Education 4.41%; Government 2.75%

Change in attacks per industry in the Americas, 2022 compared to 2021: Industrials +72%; Research & Education +9.8%; Government +7.4%; Manufacturing +3.9%; Telecom +3.6%; Finance +2.4%; Transportation & Logistics +2.2%; Healthcare +1.7%; Communications +1.7%; Technology +1.5%; Reta