In particular, the Russian war of aggression in Ukraine caused an extreme increase in DDoS attacks in 2022. While the rise in ransomware isn't as high, the quality of the attacks is increasing, making them harder to defend against. A comment from Netscout.
Cyber attacks date back to the Morris worm in 1988 and were a rare sensation at the time. Today, with millions of attacks per year, they are part of daily business and are developing at a rapid pace. In the first half of 2022 alone, there were over 6 million DDoS attacks worldwide. Even though the figures for the second half of the year are not yet available, we can expect around 10 million in total.
The developments in DDoS and ransomware attacks that companies and IT security experts must pay particular attention to this year:
More powerful DDoS attack vectors
Network operators have to reckon with far more attacks with a political, religious and ideological background. At the same time, nation-states with far more resources than other malicious actors are constantly searching for new and more powerful DDoS attack vectors to evade DDoS mitigations, as evidenced by the development of new vectors every year. Nation-state actors frequently target internet infrastructure in order to shut down critical communications, e-commerce and other important infrastructure that depends on internet connectivity.
Direct path DDoS attacks are making a comeback
Direct flooding and DDoS attacks at the application layer are becoming increasingly popular. This is due to increased efforts worldwide to combat spoofing, which makes it harder for spoofed packets to traverse the Internet. Direct-path DDoS attacks date back to before reflection/amplification attacks dominated the threat landscape.
These attacks have been optimized for the modern network and now come from much more powerful sources, such as cloud-based infrastructures with massive computing and bandwidth resources. Additionally, attackers compromise hosts that are much closer to the target, bypassing many layers of transit, potential detection, and mitigation.
Menacing mix with Adaptive DDoS
In an adaptive DDoS attack, the attackers identify in advance the elements of the service chain that they want to attack. Botnet nodes and reflectors/amplifiers closer to the target are increasingly being used, a phenomenon observed with botnets targeting Ukraine. This minimizes the number of boundaries that DDoS attack traffic must cross, which makes the attack more difficult to detect and mitigate. The mix of greater available bandwidth and throughput, a greater number of vulnerable devices and adaptive DDoS attack techniques increases the threat to network operators.
Ransomware - Triple Extortion Attacks
Triple extortion attacks remain an issue this year. They start by infiltrating a network and stealing valuable assets such as trade secrets, source code, credit cards, authentication credentials, and other personally identifiable information. In phase two, ransomware is injected to encrypt valuable data or entire storage systems.
At this point, the cyber criminals demand a ransom in exchange for decryption. If payment is refused, for example because good backups enabled recovery, the threat actor also threatens to release sensitive data. The threat of such a release raises the pressure to the maximum.