Radware H1 2022 Report: Malicious DDoS Attacks Up 203%

Activities related to the Russian invasion of Ukraine are causing shifts in the threat landscape
Patriotic hacktivism fuels DDoS activity while cyber “legions” spring into action
Ransomware denial of service holds its own

NEW DELHI, India – September 6, 2022

Radware® (NASDAQ: RDWR), a leading provider of cybersecurity and application delivery solutions, today released its Global Threat Analysis Report for the first half of 2022. The semi-annual report leverages network and application attack activity intelligence sourced from Radware’s Cloud and Managed Services, Global Deception Network and threat research team.

“The threat landscape has changed significantly in the first half of 2022,” said Pascal Geenens, director of threat intelligence at Radware. “When Russia invaded Ukraine, the cyber focus shifted. It shifted from the aftermath of the pandemic, including an increase in attack surfaces caused by working from home and the rise of underground crime syndicates, to a surge of DDoS activity launched by patriotic hacktivists and new legions of threat actors.”

DDoS attacks are increasing dramatically
The first six months of 2022 were marked by a significant increase in DDoS activity around the world. Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States.
The number of malicious DDoS attacks increased by 203% compared to the first six months of 2021.
There were 60% more malicious DDoS events in the first six months of 2022 than in all of 2021.
In May 2022, Radware mitigated a volumetric carpet bombing attack that represented a total volume of 2.9 PB. The attack lasted 36 hours and peaked at 1.5 Tbps with a sustained attack rate of more than 700 Gbps for more than eight hours. The combination of duration, volume, and average/sustained attack rates makes this one of the most significant DDoS attacks of all time.

Patriotic hacktivism is on the rise
In the first half of 2022, patriotic hacktivism increased dramatically.
Both established and newly formed pro-Ukrainian and pro-Russian cyber legions aimed to disrupt and wreak havoc through information theft and disclosure, defacements and denial-of-service attacks.
DragonForce Malaysia, a hacktivist operation that targeted organizations in the Middle East in 2021, returned in 2022. Its recent campaigns have been political responses to national events. OpsBedil Reloaded took place after events in Israel and OpsPatuk was launched in response to public statements by a high-profile political figure in India.
Major information and communications networks in the Philippines, including CNN, news network ABS-CBN, Rappler and VERA Files, have been the target of DDoS attacks related to the country’s 2022 general election.

“No company in the world is currently safe from cyber retaliation,” warns Geenens. “Online vigilantes and hacktivists could disrupt broader security efforts being advanced by nations and agencies. New armies of actors could create extreme unpredictability for intelligence agencies, creating a potential for incursions and misattributions that could eventually lead to an escalation of the cyber conflict.”

Ransomware denial of service holds its ground
Outside the realm of the war, other cybercrime groups reemerged and continued operating.
In the first half of 2022, a renewed campaign of RDoS attacks by a group claiming to be REvil emerged. This time, the group not only sent out ransom notes before the attack began, but also embedded the ransom notes in the payload.
In May 2022, Radware uncovered multiple ransom demands from a group posing as Phantom Squad.

Retail and high-tech top industries for most web attacks
In the first six months of 2022, Radware observed an increase in malicious transactions targeting online applications, dominated by predictable resource location and injection attacks.
The number of malicious web application transactions increased by 38% compared to the first six months of 2021, surpassing the total number of malicious transactions recorded in 2020.
Predictable resource location attacks accounted for nearly half (48%) of all attacks, followed by code injection (17%) and SQL injection (10%).
The most targeted industries were retail and wholesale (27%) and high-tech (26%). Network operators and SaaS providers ranked third and fourth, shouldering 14% and 7% of attacks, respectively.

Resources
Download Radware’s full Global Threat Analysis Report for H1 2022 here. Other resources are:
Blog: That was H1 2022: Part 1 – The fight against cybercrime
Blog: That was H1 2022: Part 2 – Cyber War
Radware’s Quarterly DDoS and Application Threat Analysis Hub