DDoS attacks have increased rapidly. The reason for this is both world events such as the Ukraine war and the expansion of mobile phone networks. The DDoS Threat Intelligence Report for H1 2023 does not show good development.
Cybercriminals launched around 2023 million distributed denial of service (DDoS) attacks in the first half of 7,9, a 31% increase compared to the previous year. This is what the “DDoS Threat Intelligence Report” for the first half of 2023 from NETSCOUT revealed.
DDoS attacks on Sweden and Finland after NATO bid
Global events such as the Russia-Ukraine War and NATO accession negotiations have fueled the growth of DDoS attacks. Finland was attacked by pro-Russian hacktivists in 2022 while applying to join NATO. Turkey and Hungary were targeted with DDoS attacks because they opposed the Finnish bid. In 2023, Sweden experienced a similar attack related to its NATO bid, culminating in a 500 Gbit/s DDoS attack in May. Ideologically motivated DDoS attacks targeted the United States, Ukraine, Finland, Sweden, Russia and several other countries.
Mobile operators targeted by DDoS attacks
In the second half of 2022, NETSCOUT documented a trend in DDoS attacks against mobile operators that increased by 79% worldwide. This trend continued for APAC mobile operators in H1 2023 with an increase of 294%. This is due to many broadband gaming users shifting their activities to 5G fixed-line access as providers expand their networks.
NETSCOUT's threat landscape insights come from the ATLAS sensor network, built over decades of collaboration with hundreds of Internet service providers worldwide, and trends from an average Internet peering traffic of 424 Tbps, an increase of 5,7% from 2022 corresponds. The company has seen nearly 500% growth in HTTP/S application layer attacks since 2019 and 17% growth in DNS reflections/amplifications in the first half of 2023.
Always new attack tactics
“While world events and the expansion of 5G networks have led to an increase in DDoS attacks, attackers are evolving their approach to be more dynamic, leveraging tailored infrastructure such as bulletproof hosts or proxy networks to launch attacks” said Richard Hummel, Senior Threat Intelligence Lead at NETSCOUT. “The lifecycle of DDoS attack vectors demonstrates attackers’ persistence in finding and weaponizing new attack methods as DNS water torture and carpet bombing attacks become more common.”
Other key findings from the NETSCOUT 1H2023 DDoS Threat Intelligence Report include:
Carpet bombing attacks are on the rise. Since the beginning of the year, there has been a renewed increase in carpet bombing attacks by 55% to more than 724 per day. NETSCOUT considers this number to be a conservative estimate. The attacks cause significant damage by attacking hundreds or even thousands of hosts simultaneously. This tactic often avoids triggering an alarm at high bandwidth thresholds in order to start mitigating DDoS attacks in a timely manner.
DNS water torture attacks are becoming commonplace. The number of daily DNS water torture attacks has increased by almost 353% since the beginning of the year. The top five target industries include wired and wireless telecommunications, data processing hosting, electronic commerce and mail order, and insurance agencies and brokers.
Universities and governments disproportionately attacked. The attackers create their own platforms or use various types of exploitable infrastructure to launch attacks. For example, open proxies have been consistently used in HTTP/S application layer DDoS attacks against higher education and national government targets. DDoS botnets, on the other hand, have often been used in attacks on state and local governments.
DDoS sources are persistent. A relatively small number of nodes are involved in a disproportionate number of DDoS attacks. The average IP address change rate is only 10% because attackers tend to reuse abusive infrastructure. While these nodes are persistent, the impact varies as attackers cycle through a different list of exploitable infrastructure every few days.
Go directly to the report on Netscout.com
About NETSCOUT NETSCOUT SYSTEMS, INC. helps secure digital business services against security, availability and service disruptions. Our market and technology leadership is based on the combination of our patented smart data technology with intelligent analytics. We provide the comprehensive, real-time insight that customers need to accelerate and secure their digital transformation. Our advanced Omnis® cybersecurity platform for threat detection and mitigation offers comprehensive network visibility, threat detection, contextual investigations and automated mitigation at the network edge.
Matching articles on the topic