2022 was the year the world experienced unprecedented DDoS attacks. This new caliber of DDoS activity in volume, complexity, and frequency was largely due to the substantial increase in nation-state attacks but also due to the rise of the DDoS-as-a-service ecosystem.
A recent Microsoft report reveals that the average daily attacks it mitigated were 1,955, a 40% increase from 2021.
A reality snapshot
The Ukraine-Russia war certainly surged the overall volume of DDoS attacks but also marched the world to the age of hybrid warfare.
On February 23, 2022, hours before missiles were launched and tanks rolled across borders, Russian actors launched a massive destructive cyberattack against Ukrainian infrastructure: government, technology, and financial sector targets.
Using hacktivism as a narrative for recruitment into state hacking groups is a known practice already being implemented by Iran, China, and Russia.
For example, in April 2022, the pro-Russian hacking group Killnet launched DDoS attacks against Czech railroads, airports, and civil service, even though Czechia was not directly involved in the War.
In November, they targeted Bulgaria and are now setting their sights on Poland. Social media platforms enabled arming thousands of script-kiddies with hacktivist aspirations with directions for conducting easily executable attacks such as DDoS attacks.
DDoS as a Service is becoming widespread – and cheap.
Cybercrime service providers are now offering a subscription-based DDoS. Anyone can now outsource the creation and maintenance of the botnet necessary to carry out attacks at any desired scale.
Each DDoS subscription customer receives an encrypted service to enhance operational security and one year of 24/7 support. The DDoS subscription service offers different architectures and attack methods, so the customer simply selects a target and the seller provides access to an array of compromised devices on their botnet to conduct the attack. The cost? A mere $500 USD (Sometimes less).
Dynamic attack surface – and so far, it’s only growing
Verizon’s DBIR report highlights DoS as the most common type of attack. In fact, it leads by far in comparison to malware, ransomware, and the use of stolen credentials.
2022 DBIR Results and Analysis
According to the Microsoft report, top five DDoS attack vectors were:
- User Datagram Protocol (UDP) reflection on port 80 using simple service discovery protocol (SSDP)
- Connectionless lightweight directory access protocol (CLDAP)
- Domain name system (DNS)
- Network time protocol (NTP) comprising one single peak.
- Application layer DDoS attacks targeting websites, with 16.3 million peak RPS (requests per second) and 9.89 Tbps peak traffic.
The dire need for visibility
Per the report, “attack complexity, frequency, and volume continue to grow and are no longer limited to holiday seasons, indicating a shift toward year-round attacks. This highlights the importance of ongoing protection beyond traditional peak traffic seasons.”
Ongoing protection is of utmost importance, but how can you provide continuous protection without having continuous visibility into your dynamic DDoS attack surface?
Digital environments are constantly changing – for example, if somebody in the organization opens a cloud instance or a service – how can your mitigation company know? If they don’t know, they can’t reconfigure their system to protect you.
By testing all known DDoS attack vectors against all targets continuously and non-disruptively, companies can uncover and remediate unknown DDoS mitigation vulnerabilities for over 200% average improvement in DDoS readiness.