In the first quarter of 2022, the number of DDoS attacks increased by a factor of 4,5 compared to the same quarter of the previous year [1]. Furthermore, the average duration of an attack was 80 times longer than in Q1 2021. Kaspersky experts consider it likely that this increase in attacks is due to hacktivist activities.
DDoS (Distributed Denial of Service) attacks aim to disrupt the network resources used by businesses and organizations and impair their proper operation. Successful attacks, particularly on public authorities and institutions in the financial sector, have far-reaching negative effects, since the unavailability of these services affects the entire population.
DDoS: New high due to Ukraine war
In the first quarter of 2022, at the end of February, due to the crisis in Ukraine, there was a sudden increase in attacks: the total number increased compared to the fourth quarter of 2021, when the number of DDoS attacks detected by Kaspersky solutions had reached its all-time high of DDoS attacks in the first quarter of 2022 by 46 percent. This corresponds to an increase of 4,5 times. The number of intelligent, advanced and targeted attacks also showed a notable increase of 81 percent compared to the previous peak from the fourth quarter of 2021. Not only were the attacks carried out on a large scale, but they were also more innovative. Examples include a website imitating the popular 2048 puzzle game to gamify DDoS attacks on Russian websites and a call to build a volunteer IT army to facilitate cyberattacks.
Duration of DDoS attacks increased significantly: an average DDoS attack lasted 80 times longer than in the first quarter of 2021. The record is 177 hours (Image: Kaspersky.
Furthermore, the duration of the DDoS attacks increased significantly. An average DDoS attack lasted 80 times longer than in the first quarter of 2021. The longest attack was detected on March 29 with an atypically long duration of 177 hours.
Germany is one of the most frequently attacked countries in the world
In the first quarter of 2022, US-based resources were most frequently hit by DDoS attacks (44,3 percent), followed by China (11,6 percent) and Germany (5,0 percent). Also, looking at the geographical distribution of botnet C&Cs, more than half of the botnets active in the first quarter were in the United States (55,5 percent), an increase of 9,04 percentage points. Germany (8,3 percent) moved up to second place, followed by the Netherlands (8,0 percent).
"In the first quarter of 2022, we saw a higher number of DDoS attacks than ever before," comments Alexander Gutnikov, security expert at Kaspersky. “This is largely due to the geopolitical situation. What is unusual is the long duration of the DDoS attacks, which are usually carried out with the aim of making an immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting they may have been carried out by ideologically motivated cyberactivists. And many organizations were unprepared to combat such threats. All of this has made us more aware of how large and dangerous DDoS attacks can be. They also remind us that companies need to be prepared for such attacks.”
Kaspersky recommendations for protection against DDoS attacks
Maintaining the operation of web resources should be assigned to specialists who know how to respond to DDoS attacks.
Agreements with third-party providers and contact information should be validated regularly, including those made with Internet Service Providers. This helps security teams quickly access agreements in the event of an attack.
Implement a professional security solution to protect your company from DDoS attacks. Kaspersky DDoS Protection [2], for example, combines Kaspersky's extensive expertise in combating cyber threats with the appropriate technical solutions.
Have constant knowledge of your own data traffic. Network and application monitoring tools should be used to identify traffic trends and tendencies. By understanding the typical traffic patterns and unique characteristics of their organization, companies are able to more easily spot unusual activity that might indicate a DDoS attack.
Organizations should have a dedicated Plan B for defending their data assets. This enables business-critical services to be quickly restored in the event of a DDoS attack.
[1] https://securelist.com/ddos-attacks-in-q1-2022/106358/
[2] https://www.kaspersky.de/small-to-medium-business-security/ddos-protection
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
Matching articles on the topic