Radware Report Sees Major Spike in DDoS Attacks

Radware today published a global threat analysis report that finds the number of malicious distributed denial of service (DDoS) attacks launched in the first half of 2022 increased 203% year over year, mainly because of the war in Ukraine and political strife involving Taiwan and the Philippines.

In fact, the report finds there were 60% more malicious DDoS events during the first six months of 2022 than in all of 2021. The number of malicious web application transactions grew by 38%, compared to the first six months of 2021, surpassing the total number of malicious transactions recorded in 2020.

Pascal Geenens, director of threat intelligence for Radware, said it’s now apparent DDoS attacks are being democratized as part of hacktivism initiatives that, for example, ask individuals to make compute resources available to launch DDoS attacks against Web sites in Russia.

The issue is that it will not be long before those types of attacks are used more broadly to support a wide range of causes, he said. Hacktivists, for example, could rally volunteers to launch DDoS attacks against specific organizations that they perceive to be on the wrong side of almost any issue, noted Geenens.

Overall, DDoS attacks are increasing in both volume and frequency, with so-called “micro floods” involving attacks that have throughputs of between 10 Mbps and 1 Gbps. One of the largest attacks Radware mitigated in the first half of this year involved what is known as a volumetric carpet-bombing attack, which represented a total volume of 2.9 PB. The attack lasted 36 hours, peaking at 1.5 Tbps with a sustained attack rate of more than 700 Gbps for more than eight hours. In terms of duration, volume and average/sustained attack rates, that attack was one of the most significant DDoS attacks on record, noted Geenens.

The Radware report finds predictable resource location attacks accounted for almost half (48%) of all attacks followed by code injection (17%) and SQL injection (10%). The most attacked industries were retail and wholesale trade (27%) and high tech (26%), followed by carriers and software-as-a-service (SaaS) providers at 14% and 7%, respectively.

The reason DDoS attacks are increasing is, of course, that there are now more platforms than ever connected to the internet that cybercriminals can illicitly harness to launch DDoS attacks. As more platforms are connected to the internet, it becomes that much more feasible to launch a hyper-volumetric DDoS attack. Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched a Shields Up campaign to alert organizations to this threat. It remains to be seen if Russia will launch a large-scale DDoS attack as the conflict in Ukraine drags on, but other nation states and cybercriminal gangs are clearly using similar DDoS tactics.

In fact, it may now only be a matter of time before the Internet splinters as countries move to defend Web assets from attacks being launched from other countries, noted Geenens. In much the same way that China has created the Great Firewall to control the flow of information, he said nation states will soon need to consider isolating segments of the Internet to better protect a wide range of critical infrastructure.

Regardless of the source of the attack, however, the one thing that is clear is that DDoS attacks have entered a new phase.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
