Europe Gets a New DDoS Attack RecordDDoS Attacks Intensify Worldwide Amid Geopolitical Unrest
Online attackers converted an Eastern Europe company's online domain into a DDoS frontline through a series of bandwidth-consuming attacks unprecedented in size and scope. Akamai Technologies, which detected and halted the attacks, says the incident is the largest European distributed denial-of-service attack on record.
See Also: 2022 Unit 42 Incident Response Report
The company isn't revealing the victim. The incident comes amid reports of amped-up DDoS attack global volumes. Akamai rival Cloudflare also recently detected a "largest attack," while Ukraine and Russia have each reported intensified DDoS incidents. In Ukraine's case, attempts to knock government websites offline began even before the Russian invasion.
DDoS attacks use compromised devices to send malicious network traffic to a targeted server with the intent of overwhelming the target with traffic so it is unable to accept legitimate requests.
Akamai said attackers targeted the Eastern European victim 75 times over 30 days in July. The hackers used well-coordinated global botnets of high-bandwidth IoT devices. The attack traffic peaked at 853.7 gigabits per second, or 659.6 million packets per second, during a 14-hour period.
Attackers used a number of methods but turned most often to UDP, the connectionless and sessionless transport layer protocol. They had global reach and full control of botnets used to launch the spoofed UDP queries, says Dean Houari, director of security technology and strategy for the Asia-Pacific region at Akamai.
It was unusual to see how the attackers were able to evenly distribute the traffic attack volume across their botnet, Houari tells Information Security Media Group. "These attackers had complete control of how traffic is generated and distributed across the world," he says.
DDoS attacks are becoming more frequent and intensifying in volume.
In April, Russian cybersecurity firm Kaspersky reported DDoS attacks hit an all-time high during the first quarter of 2022, notably due to a spate of attacks on Ukrainian and Russian online resources. Hacking collective Anonymous claimed responsibility for one such attack directed against RT News, a Russian state-controlled online propaganda news network.
In June, Cloudflare reported that a botnet named Mantis was targeting its customers with "record-breaking attacks" of 26 million requests per second. Unlike the usual motley array of hacked internet of things devices used to launch DDoS attacks, the Mantis botnet hijacked virtual machines. Hence the botnet's moniker, taken from Mantis shrimp, which are tiny but forceful creatures.
Omer Yoachimik, a product manager at Cloudflare, tells ISMG that DDoS attacks tend to be seasonal, aligned with geopolitical events around the world. They also correlate to the rise of new botnets.
"While it's hard to say for sure, because of the distributed nature of DDoS attacks, it may well be tied to events such as the war in Ukraine and additional global events such as elections and even new online game releases," Yoachimik says.
"In the Ukraine-Russia cyberspace, we can see that the war on the ground is accompanied by attacks targeting the spread of information. DDoS attacks target media outlets and publishing companies on both sides of the war to try and stop the spread of information," Yoachimik says.
The island of Taiwan has also recently experienced a bevy of DDoS attacks timed around the visit of U.S. House Speaker Nancy Pelosi, although none have lasted very long and appear to be the work of Chinese hacktivists rather than Beijing-sponsored hackers. One such attack began after Pelosi departed Taiwan and resulted in the website of the Ministry of National Defense going offline for about an hour, the ministry says.
Companies should be prepared for DDoS attacks by ensuring that incident response plans are up to date, Houari says. He also recommends reviewing the cybersecurity "Shields Up" guidance issued by the U.S. Cybersecurity and Infrastructure Agency.