International conflicts driving increased strength of DDoS attacks: report

Wars and regional disputes are fueling an increase in powerful distributed denial-of-service (DDoS) attacks, according to a new report from cybersecurity firm NETSCOUT.

The company registered increases in the number of DDoS attacks — which flood a targeted website with junk traffic, making them unreachable — for the first half of 2022 in several countries, including Russia, Ukraine, India, Ireland, Finland and others. They tracked more than six million incidents that used 57% more bandwidth than last year. NETSCOUT calculates its figure based on its monitoring of more than 50,000 autonomous systems in 550 industries across 190 countries. 

While the six million attacks seen mirrors activity in the second half of 2021, most attacks tracked by NETSCOUT were an extension of Russia's invasion of Ukraine or Chinese aggression toward Taiwan and Hong Kong.

Russia and Ukraine bombarded each other with DDoS attacks since the invasion began in February, but several other countries have been on the receiving end of incidents. 

NETSCOUT tracked increases in DDoS attacks in Ireland, India, Taiwan, Belize, Romania, Italy, Lithuania, Norway, Poland, Finland and Latvia. Many were attacked explicitly for their stance on the conflict in Ukraine, with several being targeted by pro-Russian hackers with the Killnet group. 

Finland saw a 258% year-over-year increase in DDoS attacks once it announced the intent to apply for NATO membership.

NETSCOUT found surges in DDoS attacks on countries providing assistance to Ukraine — like Ireland — or those failing to condemn Russia — like India.

Richard Hummel, senior manager of threat intelligence at NETSCOUT, told The Record that in the past, most DDoS attacks deployed by nation-state criminals were diversionary tactics designed to draw attention.

While the same is largely true today, Hummel said it is increasingly being used for a variety of other reasons: disruption, smokescreen, morale degradation, communications interruption, and other purposes.

“While a large number of DDoS attacks are motivated by monetary gain, the number of attacks for other reasons continue to grow. For example, North America saw Elementary Education hit hard with very simple single vector attacks,” Hummel said. 

“This is notable in that all of these attacks can be launched for free from booter/stresser platforms. A study done in the UK in 2019 showed that children as young as 9-years-old both knew how to and had engaged in launching DDoS attacks. So, I don't think it's as clear cut anymore.”

Part of why the attacks have grown in frequency is because they are cheap, easy to deploy and are accessible with very little risk or repercussions, according to Hummel. 

By their nature, DDoS attacks lend themselves to anonymity because of how distributed they are. There are also many free tools that now assist with the DDoS attack process. 

He noted that while DDoS attacks may appear to simply knock a website offline for a few hours, they do often cause significant damage. 

Hummel listed several attacks, including one on the New Zealand Stock Exchange that caused millions in losses. 

“Another example is that of the VoIP providers pummeled by the REvil copycats. One provider cited between $9 and $12 million in damages,” he said. “You also need to think about loss of customers and brand damage that may be tarnished for good.” 

According to NETSCOUT, all the DDoS attacks that appear to be related to the Ukraine/Russia conflict utilize well-known DDoS attack vectors. 

“In terms of attack characteristics and impact, most can be attributed to standard DDoS-for-hire services, well-known botnets like Meris and Dvinis, and manually driven DDoS attack tools like LOIC and Killnet Vera,” the researchers said. 

Record-breaking attacks

The company also tracked increases in DDoS attacks during the unusually contentious presidential election cycle in Colombia as well as the Rio Carnival. Government and religious institutions in Brazil were hit with DDoS attacks during debates over abortion laws following turmoil in the United States.

Multiple security companies have similarly reported an evolution in the the size and scope of DDoS attacks. 

Two weeks ago, content delivery company Akamai reported a record-breaking DDoS attack on an Eastern European customer. Akamai’s Craig Sparling told The Record the customer had previously faced DDoS attacks but the attacker refused to give up. 

“The attack was highly distributed, targeting over 1,800 IPs and 6 global data centers at the height of the attack. This was a big, highly targeted, and sophisticated effort to take down this customer,” he said, explaining that the type of attacks they track were typically targeted at network equipment and infrastructure. 

Last month, Google said it stopped the largest DDoS attack ever recorded — 76% larger than the previously reported record,

To put it in perspective, they compared the attack to “receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.”

“DDoS is an effective tool for disrupting networks and degrading morale for countries embroiled in sociopolitical upheaval,” NETSCOUT researchers said.  

“But adversaries don’t need a particular reason to launch an attack; they’re happy to do so under the guise of activism, religious, nihilism, military conquest, and more.”