Evolving, increasingly malicious web DDoS attacks are becoming a tsunami-like threat to all industries and countries. DDoS attacks have increased massively again in 2022 and the first half of 2023.
In the first half of 2023, Check Point observed a massive increase in distributed denial of service (DDoS) attacks. The attacks have reached a new level of sophistication, frequency and scope that companies now have to deal with. This growing threat is particularly illustrated by the popularity of web DDoS attacks, which have become a huge threat across industries and countries. A web DDoS tsunami attack is an evolution of the HTTP DDoS flood cyberattack, which is sophisticated, aggressive, and very difficult to detect and mitigate without blocking legitimate traffic.
The evolving threat landscape
As seen in recent news, DDoS attacks have reached staggering proportions in 2022 and the first half of 2023. Threat Hub data from our partner Radware shows a notable 152 percent increase in blocked DDoS events in 2022 compared to 2021, coupled with a 32 percent increase in total blocked attack volume compared to the previous year.
The largest DDoS attack in 2022 reached a staggering 1.46 Tbps, a 2.8x increase over the previous year's record. In addition, attackers are no longer driven only by financial motives: political motives now account for a large share of DDoS attacks. The shift began with Russia's invasion of Ukraine, which demonstrated unprecedented synchronization between cyberattacks and real-world events. This trend has led to a rise in state-sponsored hacktivist groups attacking organizations in various sectors, with far-reaching implications.
Three key trends in DDoS attacks
- Emergence of state actors. The shift from financially motivated hackers to state-backed hacktivist groups has significantly changed the overall landscape. State-sponsored groups have far more resources and better organization, increasing their ability to develop sophisticated attack tools, target a broader range of victims, and operate with relative impunity.
- Attacks are increasing in scope and complexity. Attackers are using new tools that enable larger and more complicated attacks. They mix attack vectors within individual attacks, posing challenges for traditional defense technologies and practices.
- Shift to application-layer attacks. DDoS attacks are increasingly targeting the application layer, making detection and containment difficult. The use of advanced web DDoS attack tools has made traditional defenses less effective against these sophisticated tactics.
What exactly are web DDoS attacks and why are they harder to mitigate?
The convergence of these trends has made web DDoS attacks the primary vector for modern DDoS threats. These attacks exploit the HTTP or HTTPS protocols at the application layer and send a flood of requests to web applications to overload servers. Because most web traffic is encrypted, detecting malicious intent becomes complex, making these attacks particularly difficult to mitigate.
Web DDoS challenges:
- Asymmetric processing: TLS handshakes and decryption cost the server far more than the client, allowing attackers to carry out massive attacks with relatively few requests.
- Encrypted payload: Most web traffic is encrypted, making inspection by traditional defenses ineffective.
- Application logic attacks: Application-layer attacks mimic legitimate requests and require a deep understanding of the application to detect the anomalies that indicate an attack.
- Advanced attack tools: Attackers are using new tools with randomized attack vectors and techniques that bypass traditional defenses.
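As an added illustration of the detection problem described above (this is example code, not from the original article or from Check Point or Radware): because the origin server terminates TLS, its access log is one place where an application-layer flood becomes visible in cleartext. The sliding-window counter below runs over constructed Common Log Format lines and flags a client whose request rate and distinct-URL count both exceed what a browsing user produces; the IP addresses, paths and thresholds are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into (client_ip, timestamp, method, path); None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, _status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path


def flag_floods(lines, window_s=10, max_requests=30):
    """Slide a window_s-second window over each client's requests and report clients
    that exceed max_requests inside one window. The distinct-path count is reported
    too: a value close to the request count suggests cache-busting randomization."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e[1])
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)       # ip -> largest in-window request count observed
    paths = defaultdict(set)      # ip -> distinct request paths
    for ip, ts, _method, path in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        paths[ip].add(path)
    return {ip: {"peak_per_window": peak[ip], "distinct_paths": len(paths[ip])}
            for ip in peak if peak[ip] > max_requests}


def constructed_sample():
    """Constructed log lines (not real traffic): one browsing client and one client
    issuing 60 GETs with randomized query strings within 6 seconds."""
    lines = [
        '203.0.113.10 - - [01/Jun/2023:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
        '203.0.113.10 - - [01/Jun/2023:10:00:03 +0000] "GET /style.css HTTP/1.1" 200 812',
        '203.0.113.10 - - [01/Jun/2023:10:00:09 +0000] "GET /products HTTP/1.1" 200 9731',
    ]
    for i in range(60):
        lines.append(f'198.51.100.7 - - [01/Jun/2023:10:00:{i // 10:02d} +0000] '
                     f'"GET /search?q=item{i:04d} HTTP/1.1" 200 2048')
    return lines
```

Per-source thresholds alone will miss a flood spread thinly across many sources; in practice the same window counts are also kept per URL pattern and compared against a traffic baseline.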
Stop the tsunami
Over the past 18 months there has been an unprecedented rise in DDoS attacks, which have grown in scale, frequency and sophistication. This growth is due to a combination of factors. While each of these factors stands alone, together they have created a fundamental shift in the threat landscape that is more dangerous than ever before.
Under these circumstances, web DDoS tsunami attacks have emerged as a particularly devastating threat to organizations, jeopardizing the availability of mission-critical applications and services. Traditional DDoS protection methods are unable to provide adequate protection against these attacks, necessitating a new approach to DDoS protection. Anyone who fails to adapt their own defenses to new developments and circumstances risks being swept away by the DDoS tsunami.
More at Checkpoint.com
About Check Point
Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive "one point of control" security management system. Check Point protects over 100,000 businesses of all sizes.