The political situation in Europe has escalated. This has affected the nature, intensity, and geography of DDoS attacks: They have become actively used for political purposes.
The situation in Eastern Europe has affected the entire DDoS attacks and protection industry. Now, states are becoming active participants in this market while the attacks themselves are becoming more sophisticated and powerful.
During the first and second quarters of 2022, a number of countries reported attacks on government and financial institutions:
The DDoS market is often described as spontaneous. Powerful attacks that are costly for their targets are not uncommon, but governments used to be more restrained in countering them. Now, rumors about the involvement of state agencies in this segment are increasingly confirmed by officials. For example, at the end of February 2022, the U.S. Attorney General publicly confirmed that the FBI had conducted a secret operation to eliminate Russian malware and prevent a large-scale DDoS attack.
The emergence of cyber troops in Ukraine is also known: their creation last year was confirmed by the country’s government. In February 2022, they started the recruitment process. The tasks of the recruits will include ensuring information security and protecting critical infrastructure.
Active government intervention in the industry can fundamentally change the market.
The power, geography, and duration of DDoS attacks have been affected. According to Andrew Faber, Head of Web Security at G-Core Labs, the list of the main DDoS attack victims—countries and industries—has undergone significant changes in recent months. The company shared its data.
There are several distinctive types of DDoS attacks:
Each type of attack exploits different weaknesses in the victim’s infrastructure. Previously, attacks relied on a single vector, but now the share of more sophisticated malicious campaigns is growing. Rather than attacking the victim’s server directly, attackers paralyze one of its key functions and conduct combined attacks along several vectors at once.
According to G-Core Labs, the number of such complex multivector attacks tripled in 2022 compared to the previous year. Bots and botnets have become the most common vectors for DDoS attacks, while HTTP flood attacks are also widely used. The company shared an example of a powerful attack that was averted by G-Core Labs Web Application DDoS Protection:
In recent years, the number of ultrashort DDoS attacks has been growing. In 2022, according to G-Core Labs, their average duration is 5–10 seconds.
The longest attack was recorded by the company’s specialists on April 14–15. It lasted 24 hours with a volume of 5 Gbps.
The average power of recorded attacks in Q1–Q2 of 2022 more than doubled: last year, it was 300 Gbps, and this year it is already 700 Gbps. Previously, the main targets of such attacks were small and medium-sized companies, but this year more and more attacks are aimed at government agencies.
The beginning of 2022 was marked by some of the most powerful attacks of recent years. Most of them targeted government agencies:
According to G-Core Labs, the most attacked business sectors in Q1–Q2 of 2022 were e-commerce, fintech, and game development. The company shared information about powerful TCP and UDP flood attacks.
To defend against powerful and sophisticated attacks, businesses and government agencies require advanced security systems. This is not the first time that G-Core Labs has experienced a sharp increase in the number of DDoS attacks and their complexity.
“In 2020–2021, along with increased content consumption in the online games and entertainment industry, DDoS attacks also became more frequent and sophisticated. The attacks became more devious: Instead of targeting specific servers, attackers focused on web applications (L7 of the OSI network model) and tried to legitimize the traffic. One of the main targets of cybercriminals was our client, Wargaming. On February 18, 2021, the security system of G-Core Labs detected a UDP flood—an attack aimed at the servers of the game development company. Its volume reached 253 Gbps, and it lasted 15 minutes. We deflected it successfully. It was possible thanks to the huge bandwidth of our network and our filtering system, which detects and neutralizes attacks at a speed of hundreds of gigabits per second. Our comprehensive protection algorithms ensure that our security systems are not bypassed, even in cases where attackers try to use traffic similar to legitimate traffic.”
G-Core Labs offers comprehensive protection against complex attacks: it works at the network (L3), transport (L4), and application (L7) layers, effectively protecting clients from all types of cyberthreats. The solution does not require pausing business processes for the duration of the attack since its intelligent real-time traffic filtering technology only cuts out specific malicious sessions.