DDoS attacks are on the rise globally amid geopolitical unrest
Brian Pereira (believe_digital)
August 5, 2022
Online attackers turned an Eastern European company’s online domain into a DDoS frontline through a series of bandwidth-intensive attacks unprecedented in size and scale. Akamai Technologies, which detected and stopped the attacks, says the incident is the largest European distributed denial-of-service attack of all time.
The company did not disclose the victim. The incident comes amid reports of an increased global volume of DDoS attacks. Akamai rival Cloudflare also recently spotted a “biggest attack,” while Ukraine and Russia each reported increased DDoS incidents. In the case of Ukraine, attempts to take government websites offline began even before the Russian invasion.
DDoS attacks use compromised devices to send malicious network traffic to a targeted server with the intention of overwhelming the target with traffic so that it cannot accept legitimate requests.
Akamai said attackers had targeted the Eastern European victim 75 times in a 30-day period in July. The hackers used well-coordinated global botnets of high-bandwidth IoT devices. Attack traffic peaked at 853.7 gigabits per second or 659.6 million packets per second over a 14-hour period.
Attackers used a variety of methods, but most commonly turned to UDP, the connectionless, sessionless transport layer protocol. They had global reach and full control over botnets used to launch the fake UDP queries, says Dean Houari, director of security technology and strategy for Akamai’s Asia Pacific region.
It was unusual to see how attackers were able to evenly distribute attack traffic volume across their botnet, Houari tells Information Security Media Group. “These attackers had complete control over how traffic was generated and distributed around the world,” he says.
DDoS attacks are becoming more common and increasing in volume.
In April, Russian cybersecurity firm Kaspersky reported that DDoS attacks hit an all-time high in the first quarter of 2022, particularly due to a spate of attacks on Ukrainian and Russian online resources. Hacking collective Anonymous claims responsibility for one such attack against RT News, a Russian state-controlled online propaganda news network.
In June, Cloudflare reported that a botnet called Mantis was attacking its customers with “record-breaking attacks” of 26 million requests per second. Unlike the usual motley collection of hacked Internet of Things devices used to launch DDoS attacks, the Mantis botnet hijacks virtual machines. The botnet’s nickname is taken from the mantis shrimp, a tiny but powerful creature.
Omer Yoachimik, product manager at Cloudflare, tells ISMG that DDoS attacks tend to be seasonal and focused on geopolitical events around the world. They also correlate with the emergence of new botnets.
“Although it’s hard to say due to the distributed nature of DDoS attacks, they could well be associated with events like the war in Ukraine and additional global events like elections and even new online game releases,” says Yoachimik.
“In cyberspace between Ukraine and Russia, we can see that the war on the ground is accompanied by attacks aimed at information dissemination. DDoS attacks are targeting media companies and publishers on both sides of the war in an attempt to stop information from spreading,” says Yoachimik.
The island of Taiwan has also recently experienced a spate of DDoS attacks, timed around the visit of US House Speaker Nancy Pelosi, although none lasted very long and they appear to be the work of Chinese hacktivists rather than Beijing-sponsored hackers. One of those attacks began after Pelosi left Taiwan and caused the Defense Department’s website to go offline for about an hour, the ministry said.
Organizations should prepare for DDoS attacks by making sure incident response plans are up to date, says Houari. He also recommends reading the Shields Up cybersecurity guidance issued by the US Cybersecurity and Infrastructure Security Agency.