The geopolitical situation in Eastern Europe has impacted the nature and intensity of DDoS attacks. The attacks have become more advanced and powerful while creating new trends. Let us take a look at the new DDoS trends formed this year, but first let's go through the attack-related figures.

Some stats your way

The following are findings from a Netscout Systems report. The statistics have been collected from ISPs across the world. H1 2022 witnessed 6,019,888 global DDoS attacks.
  • TCP-based flood attacks were the most common attack vector, at 46% of all attacks, continuing a trend from 2021.
  • The TP240 PhoneHome reflection/amplification DDoS vector, discovered earlier this year, had a record-breaking amplification ratio of 4,293,967,296:1.
  • DNS water-torture attacks surged, with a 46% rise in UDP query floods. This attack first reared its head when the Mirai botnet was used to launch its own DNS query flood. DNS water-torture involves sending a high-packet-rate flood of DNS queries.
  • However, DNS amplification attacks decreased by 31% from H2 2021 to H1 2022. This technique allows threat actors to reflect and amplify traffic via an intermediary. The best vectors for this attack are servers running UDP-based protocols.
  • Malware botnet spread grew rapidly, with 21,226 nodes tracked in Q1 2022 as compared to 488,381 nodes in Q2. Some new botnets identified this year include Enemybot, Fodcha, B1txor20, Kinsing, Panchan, and Orchard.
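
One way to spot the DNS water-torture floods described above in resolver query logs, added here as an example and not taken from the Netscout report. It relies on a known trait of these floods that the page does not spell out: the queried names are random, non-existent subdomains of the victim zone, so a burst of never-repeated names answered with NXDOMAIN stands out. The log format, thresholds and sample lines are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Assumed log format (constructed): "<epoch_seconds> <client_ip> <qname> <rcode>"
WINDOW = 10             # assumed bucket size in seconds
MIN_QUERIES = 20        # assumed minimum queries per zone per window
MIN_UNIQUE_RATIO = 0.9  # assumed share of never-repeated query names
MIN_NX_RATIO = 0.8      # assumed share of NXDOMAIN responses

def zone_of(qname):
    """Naive zone guess: last two labels (a real tool needs a public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def detect_water_torture(lines):
    """Return sorted (window_start, zone) pairs whose traffic looks like a query flood."""
    buckets = defaultdict(lambda: {"total": 0, "nx": 0, "names": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, _client, qname, rcode = parts
        try:
            window = int(float(ts)) // WINDOW * WINDOW
        except ValueError:
            continue  # skip lines with a non-numeric timestamp
        bucket = buckets[(window, zone_of(qname))]
        bucket["total"] += 1
        bucket["names"].add(qname.lower())
        bucket["nx"] += rcode.upper() == "NXDOMAIN"
    hits = []
    for key, b in buckets.items():
        if b["total"] < MIN_QUERIES:
            continue  # too little traffic to judge
        unique_ratio = len(b["names"]) / b["total"]
        nx_ratio = b["nx"] / b["total"]
        if unique_ratio >= MIN_UNIQUE_RATIO and nx_ratio >= MIN_NX_RATIO:
            hits.append(key)
    return sorted(hits)

def sample_log():
    """Constructed sample: steady lookups of one name, then a random-label burst."""
    lines = [f"{1000 + i % 10} 192.0.2.{i % 5 + 1} www.example.com NOERROR"
             for i in range(30)]
    for i in range(40):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:12]
        lines.append(f"{1010 + i % 10} 198.51.100.{i % 50 + 1} {label}.example.net NXDOMAIN")
    return lines
```

On the constructed sample, the busy but legitimate `example.com` zone is not flagged, while the burst against `example.net` is.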
 

Geopolitical warfare and DDoS attacks

The first half of the year witnessed multiple attacks on financial and government institutions.
  • In February, the Ukrainian government stated that it suffered a massive DDoS attack that knocked its banks and government websites offline. The attack aimed to subvert and raise panic in the nation.
  • In another attack in April, cybercriminals targeted Ukrainian WordPress sites belonging to think tanks, government agencies, recruitment sites, and others.
  • Japan, Poland, Norway, Latvia, Lithuania, and Romania suffered DDoS attacks by the pro-Russian Killnet group. 
  • Satellite telecom providers in the U.S. reported heightened volumes of high-impact DDoS attacks, especially after they provided support to Ukraine’s communications infrastructure.  

Trends observed among cybercriminals

  • Last month, the LockBit ransomware group claimed to have been working on enhancing its DDoS capabilities and preparing for triple extortion attacks. The gang now prevents DDoS attacks on its system by using unique links in the ransom note. 
  • The Atlas Intelligence Group (AIG) was found following a novel business tactic, wherein it sold DDoS services, stolen databases, initial access to corporate networks, and exclusive data leaks. However, the twist was that the group would hire unrelated cyber mercenaries to conduct whatever operation a buyer purchased. 
  • Earlier in 2022, threat actors abused the Log4Shell vulnerabilities to plant cryptominers and launch DDoS attacks. Most of the attack attempts came from the U.S., Central Europe, Russia, and Japan. 

Bottom line

As defenses against DDoS attacks are getting better, cybercriminals are coming up with new attack vectors and tactics to bypass them. While the fundamental nature of DDoS attacks has not changed much, they have evolved to spread at a much wider scale to cause greater disruption worldwide. All these factors necessitate that organizations implement proactive threat defenses to fight against burgeoning cyber threats.
Cyware Publisher
