Global Incidents Stimulate DDoS Attack Waves


In the first half of 2023, cybercriminals initiated around 7.9 million DDoS attacks, marking a significant rise of 31% from the previous year, as reported by NETSCOUT.

Several global incidents have been the catalyst for the recent growth in DDoS attacks. Finland became a focal point of hackers in 2022 when it expressed its intent to join an international alliance. Following closely, Turkey and Hungary were on the receiving end of DDoS attacks due to their stance against Finland’s initiative.

Sweden underwent a series of cyber assaults in 2023 because of its intent to be a part of a similar international commitment, with the most substantial attack reaching 500 Gbps in May. These ideologically driven attacks were not limited to Sweden but were prevalent in the United States, Ukraine, Finland, and several other nations.

Telecom Providers Witness a Surge in DDoS Attacks

During the second half of 2022, NETSCOUT noted an upswing in DDoS attacks against wireless telecommunications providers, showing a worldwide surge of 79%. This pattern persisted, especially among APAC wireless providers in the initial half of 2023, marking an astounding 294% growth. This coincides with numerous broadband gaming enthusiasts transitioning to 5G fixed wireless access as providers expand their networks.

NETSCOUT's analysis of the digital threat landscape draws on its ATLAS sensor network and is the result of decades of collaboration with global Internet Service Providers. This partnership enables the observation of trends from an average of 424 Tbps of internet peering traffic, a 5.7% increase from 2022. Furthermore, the company recorded almost 500% growth in HTTP/S application-layer attacks since 2019, and a 17% increase in DNS reflection/amplification volumes during the first half of 2023.

Richard Hummel, the senior threat intelligence lead at NETSCOUT, pointed out that while certain global activities and the expansion of 5G networks escalate the frequency of DDoS attacks, the tactics of the culprits are constantly evolving. There’s a growing tendency to employ custom infrastructures, like resilient hosting or proxy networks, to initiate these cyber onslaughts.

DNS Water-Torture Attacks Gain Momentum

Since the start of the year, there has been a revival of carpet-bombing attacks, which have increased by 55%. NETSCOUT considers its estimate of over 724 daily occurrences to be conservative. These attacks place a substantial burden on the global internet, impacting hundreds or even thousands of hosts concurrently. Because the traffic is spread across so many hosts, such a strategy often evades the activation of high bandwidth alerts, delaying the onset of DDoS mitigation measures.
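The following added example (not from NETSCOUT or the original article) shows why a per-host bandwidth alert misses traffic spread across many hosts, and how aggregating the same interval by destination prefix surfaces it. The thresholds, the /24 grouping, the function name and the flow records are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for one measurement interval (illustrative values only).
HOST_BPS_ALERT = 1_000_000_000      # classic per-destination-host alert: 1 Gbps
PREFIX_BPS_ALERT = 5_000_000_000    # aggregate alert per destination prefix: 5 Gbps
MIN_HOSTS_IN_PREFIX = 50            # many hosts hit at once is the carpet-bombing signature


def detect(flows, prefix_len=24):
    """flows: iterable of (dst_ip, bits_per_second) records for one interval.

    Returns (host_alerts, prefix_alerts) as sorted lists of strings.
    """
    per_host = defaultdict(int)
    for dst, bps in flows:
        per_host[dst] += bps

    # Per-host view: only fires when a single destination is saturated.
    host_alerts = sorted(ip for ip, bps in per_host.items() if bps >= HOST_BPS_ALERT)

    # Per-prefix view: sum traffic and count distinct hosts inside each prefix.
    per_prefix = defaultdict(lambda: [0, 0])  # network -> [total_bps, host_count]
    for ip, bps in per_host.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_prefix[net][0] += bps
        per_prefix[net][1] += 1

    prefix_alerts = sorted(
        str(net) for net, (bps, hosts) in per_prefix.items()
        if bps >= PREFIX_BPS_ALERT and hosts >= MIN_HOSTS_IN_PREFIX
    )
    return host_alerts, prefix_alerts


# Constructed sample interval (documentation address ranges, not real traffic):
SAMPLE_FLOWS = (
    # 200 hosts in one /24 at 40 Mbps each: 8 Gbps total, every host under 1 Gbps.
    [(f"198.51.100.{h}", 40_000_000) for h in range(1, 201)]
    # One host receiving 1.5 Gbps: a conventional single-target flood.
    + [("203.0.113.7", 1_500_000_000)]
    # Ten hosts with ordinary background traffic of 5 Mbps each.
    + [(f"192.0.2.{h}", 5_000_000) for h in range(1, 11)]
)

if __name__ == "__main__":
    hosts, prefixes = detect(SAMPLE_FLOWS)
    print("per-host alerts:  ", hosts)
    print("per-prefix alerts:", prefixes)
```

In the sample, the per-host view flags only the single saturated address, while the 8 Gbps spread across 198.51.100.0/24 is visible only in the per-prefix view.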

Daily DNS water-torture attacks have seen a rise of around 353% since the beginning of the year. The industries frequently targeted encompass wired telecom, wireless telecom, data processing hosting, electronic shopping and mail-order businesses, and insurance providers and agencies.

Offenders often devise or utilize varied forms of exploitable infrastructure for initiating attacks. Open proxies, for instance, were recurrently used in HTTP/S application-layer DDoS attacks, especially against targets within the education and national government sectors. DDoS botnets were also predominantly featured in assaults on regional and local governments.

Interestingly, a limited set of nodes partake in a vast number of DDoS attacks. There’s an average IP address turnover rate of merely 10%, indicating that offenders recurrently employ exploitable infrastructures. Although these nodes maintain their presence, their impact varies as attackers cycle through different exploitable infrastructures every few days.