DDoS Attacks Exceeded Six Million in First Half of 2022

A Netscout Systems report concluded that the number of distributed denial-of-service (DDoS) attacks launched in the first half of this year exceeded six million.

The Netscout report was based on statistics collected from internet service providers (ISPs) around the world. The research also noted that TCP-based flood attacks, which first appeared in early 2021, are the most common attack vector, making up approximately 46% of all attacks.

DNS water-torture attacks accelerated in 2022 with a 46% increase, primarily using UDP query floods, while carpet-bombing attacks made a big comeback toward the end of the second quarter, the report also found.

Conversely, DNS amplification attacks decreased by 31% year-over-year in the first half of the year.

However, the report also noted that malware botnet proliferation grew at an alarming rate, with 488,381 nodes being identified in the first half compared to 21,226 nodes a year ago. Most of the nodes are being used to launch attacks at the application layer, the report concluded.

Finally, a TP240 PhoneHome reflection/amplification DDoS vector discovered in early 2022 is now exhibiting a record-breaking amplification ratio of 4,293,967,296:1.

In total, the report found there were 6,019,888 global DDoS attacks in the first half of 2022. Of course, the increase in the volume of DDoS attacks coincides with the start of the war in Ukraine. However, there has also been a surge of DDoS attacks in Taiwan and India; DDoS attacks have also been employed by rival political campaigns in Colombia.

Richard Hummel, threat intelligence research lead for Netscout Systems, said in addition to increased volume, perpetrators of these attacks are also conducting more rigorous reconnaissance before launching more targeted attacks.

More troubling still, purveyors of ransomware attacks are now starting to launch DDoS attacks against organizations that refuse to give in to their demands, so the volume of attacks is likely to increase further.

It’s also not clear whether the DDoS attacks orchestrated by Ukraine will lead to a major expansion. The government of Ukraine recruited volunteers from around the world to launch DDoS attacks against Russia. It’s only a matter of time before other entities employ that same model to advance any number of ‘hacktivist’ causes.

Hummel said it’s clear that organizations, in collaboration with ISPs, are going to need to find ways to more proactively defend themselves from DDoS attacks before or as they are being launched. Most organizations today are reacting to DDoS attacks after their network infrastructure has already been crippled. Hummel said Netscout Systems, a provider of network security tools used extensively by ISPs and large enterprise IT organizations, is working to develop technologies that identify and suppress those attacks before they can achieve that goal.

The challenge, of course, is that it’s never been easier to launch DDoS attacks using botnets that take over billions of internet-connected devices. The fundamental nature of DDoS attacks hasn’t changed all that much over the decades, but the scale at which they can be conducted has turned them into a much more serious global threat.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
