Radware Finds New Era of DDoS Attacks Dawning

A report published by Radware this week indicated the number of malicious distributed denial-of-service (DDoS) attacks rose nearly 75% in the first quarter of 2022. The rise is mainly due to an increase in so-called “micro floods,” which are classified as low-throughput attack vectors with throughput between 10Mbps and 1Gbps.

Pascal Geenens, director of threat intelligence at Radware, said these micro floods have increased in part because of patriotic hacktivism from pro-Ukraine and pro-Russia activists. For the first time, illegal DDoS attacks are now being facilitated by thousands of individuals who are deliberately making compute resources available to a bot platform that launches these attacks.

Regardless of the attackers’ motivation, Geenens noted that once the war is over, it won’t be long before hacktivists launch similar attacks in the name of other causes. As such, the volume of DDoS attacks classified as micro floods will only increase in the months and years ahead, he said. The number of micro floods increased by 125% in the first quarter of 2022 compared to the previous quarter, according to the Radware report.

In addition to attacks tied to the war in Ukraine, the Radware report also found that the decentralized finance (DeFi) sector became a prime target for attacks after banning Russian citizens. Cryptocurrency exchanges were also the target of financially motivated attacks from threat actors affiliated with North Korea.

Overall, the Americas accounted for more than half of the DDoS attack volume (55%). The industries hardest hit by DDoS attacks include education (40%), telecom (27%) and health care (19%).

Finally, Radware also noted that bad bot transactions involving high-speed abuse and misuse of websites, mobile applications and application programming interfaces (APIs) increased 126% on a year-over-year basis.

Hacktivists have, of course, previously tried to leverage DDoS attacks to advance their causes. However, the latest efforts make use of everything from gamification to rallying cries that obscure the fact that participating in these attacks is illegal, regardless of moral justification, noted Geenens.

In the longer term, organizations should assume that the number of DDoS attacks they’ll face will only increase either directly or as collateral damage from being associated with one issue or another. These days, it’s almost impossible for organizations to avoid being aligned with one side of an issue or another.

Organizations not only need to be able to combat micro floods, they also need to be able to combat the hyper-volumetric DDoS attacks that also increased in 2022. In terms of volume, those attacks exceed 1Tbps. They are increasing because there are now more platforms than ever connected to the internet that cybercriminals can illicitly harness to launch DDoS attacks, which makes a hyper-volumetric DDoS attack that much more feasible.

Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched a Shields Up campaign to alert organizations to this threat. It remains to be seen if Russia will launch a large-scale DDoS attack as the conflict in Ukraine drags on, Geenens noted. Other countries are taking advantage of the focus on Russia to launch other attacks, he added.

Regardless of the source of the attack, however, the one thing that is clear is that DDoS attacks are now entering a new phase.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
