If there’s one consistent trait all cybercriminals have in common, it’s that they never fail to innovate to get what they want – be it spying; Wreak havoc or access confidential corporate data, personal information, or lucrative financial data.
This certainly applies to our findings in the latest DDoS Threat Intelligence Report, to be published on September 27, 2022. As we discussed in a previous blog, we changed the report’s formatting to make the data essentially more accessible and reader-friendly, broken down into eight vignettes covering geographic finds as well as several troubling trends.
In addition to data for four geographic regions – North America, Latin America; Asia Pacific (APAC); and Europe, Middle East and Africa (EMEA) – the following new sections address a range of attack trends.
Opponents develop and innovate attack methods and vectors
Bad actors never stop adapting their strategies to launch successful Distributed Denial-of-Service (DDoS) attacks, which is evident by examining three specific attack types: DNS water torture, which saw an increase of 46 since H2 2021 % recorded; carpet bombs, which rose after a slight decline last year; and TCP-based attacks that dominated the DDoS vector charts. These trends clearly highlight the need for organizations to adapt their mindset, understanding and defenses to combat DDoS.
Adaptive DDoS attacks and learn how to suppress them
An adaptive DDoS attack begins when threat actors use advanced intelligence to identify target networks. They follow this up with continuous monitoring of effectiveness before quickly switching vectors to counteract the weakening. Attackers then leverage the topologically adjacent infrastructure for continuous innovation and vector weaponry. Traditional DDoS mitigations protect Internet properties by applying detection, classification, tracing, and mitigation technologies to inbound network traffic. However, this approach has not addressed outbound or cross-border DDoS attacks using compromised workstations, Internet of Things (IoT) devices, and high-capacity servers. All of this is subsumed into botnets and used by attackers to launch DDoS attacks. It is important to understand this strategy and suppress this increasingly harmful behavior.
War, religion and politics: The new battlefield for DDoS
Although adversaries never need a new reason to launch attacks, the socio-political landscape provided them with plenty of fodder in the first six months of 2022. Our data shows that bad actors target countries, governments, corporations, interest groups, and individuals in response to issues related to war, politics, religion, sports, and even entertainment events. In fact, most high-profile DDoS attack campaigns in the first six months of the year correspond to national or regional conflicts that have provoked global reactions. The Russia-Ukraine conflict provided ample evidence of this troubling behavior, with attackers targeting those countries and the organizations within them, as well as countries that expressed solidarity with both sides.
Botnets proliferate and soar
We continue to see innovations that take advantage of botnets – groups of malware-infected computer systems known as bots. Indeed, our results point to a worrying increase in botnet usage as adversaries innovate and scale them to greater size and effectiveness. We now track more than 400,000 high-confidence bot nodes, with threat actors increasingly using direct-path attacks from botnets to launch application-layer attacks. The first half of the year saw an 11% increase in direct path attacks compared to the second half of 2021, driven almost entirely by botnet innovations.
Learn more about how attackers are innovating and impacting networks around the world in the upcoming DDoS Threat Intelligence Report, available September 27. In the meantime, check out our real-time DDoS attack map.
Copyright © 2022 IDG Communications, Inc.
