According to the recent DDoS report of 2022 by Cloudflare, Q1 2022 was characterized by a dramatic increase in the number of application-layer DDoS attacks. Namely, HTTP-layer DDoS attacks jumped by 164% YoY and 135% QoQ, with the peak in March 2022. Although network-layer attacks decreased by 58% QoQ, their number increased by 71% YoY. The telecommunication, gaming, and gambling industries were the most lucrative targets for malicious actors launching DDoS attacks.
At the same time, the share of ransom DDoS attacks dropped from 28% in December 2021 to only 3% in March 2022, indicating that DDoS attacks are primarily focused on business disruption rather than bringing financial gains to hackers.
Another important characteristic of most detected DDoS attacks is their duration. Among network-layer DDoS attacks, less than 5% lasted more than 40 minutes. Such quick attacks are dangerous since they can remain undetected by DDoS protection services.
According to Netscout, 9.7M DDoS attacks were recorded in 2021, a 14% increase compared to 2019, the last pre-pandemic year.
In 2021, malicious actors behind DDoS campaigns focused on targeting VoIP (Voice over Internet Protocol) providers. These companies serve many customers and, thus, bringing them down may allow attackers to demand substantial ransom. VoIP providers in Western Europe, North America, and the UK were the primary targets for bad actors. The list of VoIP providers that admitted to experiencing DDoS attacks in 2021 includes bandwidth.com, VoIP.ms, and VoIP Unlimited. VoIP providers lost between $9M and $12M due to DDoS attacks in 2021.
The financial sector remains one of the most lucrative targets for DDoS bad actors. In June 2021, one of the top 15 European banks with a global presence was hit by a multi-vector attack, and there were three large bursts of traffic. In total, this attack reached a volume of 200 gigabytes.
DDoS attacks also target the infrastructure sector. In March 2022, Connecticut’s Bradley Airport website was hit by a DDoS attack that did not cause any damage to the airport’s operations. And in April 2022, the Israel Airports Authority website was hit by a DDoS attack launched by the pro-Iran hacking group Altahrea Team. The operational systems and networks remained unaffected.
In January 2022, the Nobel Foundation and the Norwegian Institute disclosed details about a cyberattack they had experienced. The possible purpose of this attack was to cause reputation damage to the institution. State-backed actors likely initiated this attack, and it demonstrates that even non-political and non-profit organizations are vulnerable to DDoS attacks.
A separate major category of targets for bad actors initiating DDoS attacks is government structures and government-linked entities. A few days before the russian invasion, Ukraine experienced a powerful DDoS attack. The websites of the Ukrainian Defence Ministry and the Armed Forces of Ukraine were attacked. The clients of the country’s state-owned banks PrivatBank and Oschadbank also reported issues with ATMs and banking services. The primary purpose of this attack was to cause panic in Ukraine amid the rising tensions and uncertainty around the situation near the country’s national borders with belarus and russia.
It is also important to note that even before the russian invasion of Ukraine, the global community observed a surge of more than 1,800% in the volume of government-targeted DDoS attacks in 2021. At the same time, the actual attack events decreased by 70%, meaning that these attacks were much more severe compared to 2020. Thus, government actors need to prioritize protecting themselves against disruptions attributable to DDoS attacks.
The attacks described above demonstrate that entities of all types may be subject to malicious DDoS campaigns. Even if they do not cause severe financial damage to victims, they can heavily affect their operations and undermine their capacity to deal with follow-up attacks.
Cybersecurity vendors offer various services to protect clients against cyberattacks such as DDoS campaigns. One such service is referred to as DDoS stress testing. The purpose of DDoS stress testing is to evaluate the resistance of the client’s Internet systems and infrastructure to DDoS and related attacks. This is achieved by identifying vulnerable elements in the client’s IT infrastructure through a series of realistic and well-designed attacks.
The cyberattacks simulated by professionals do not cause any real damage to clients. After the attack, vendors provide clients with a report containing all findings and recommendations on how to fix detected vulnerabilities.
There are two approaches to DDoS stress testing:
This process needs to be performed regularly, such as twice a year or every three months, to ensure the maximum positive impact of DDoS protection and stress testing on companies’ cybersecurity.
The company disBalancer, which has become a well-known brand in the cybersecurity space since February 2022 due to its active involvement in cyberattacks against russia, also offers DDoS protection and stress testing services to companies, but disBalancer is not available to businesses operating or headquartered in russia or belarus.
Hackers do not worry about your sphere of business, status, or philosophy. Their only purpose is to cause damage to you and make money. Your responsibility is to protect your business against these bad actors. And you can do it with disBalancer.