In a distributed denial-of-service (DDoS) attack, an attacker overwhelms its target with unwanted internet traffic so that normal traffic cannot reach its intended destination, a method very popular with current cybercriminals.
DDoS attacks on the wireless telecommunications industry have grown 79% since 2020, primarily due to the increase in 5G wireless to the home. It accounts for 20% of all DDoS attacks for a specific industry, second only to wired telecommunications carriers.
Read more: Cyber state: Indian organizations expect to suffer much from identity-related compromise in 2023
Cloudflare found in Q1 2023, 16% of surveyed customers reported a Ransom DDoS attack — remains steady compared to the previous quarter but represents a 60% increase YoY.
Non-profit organizations and Broadcast Media were two of the most targeted industries, with Finland the largest source of HTTP DDoS attacks in terms of percentage of attack traffic, and the main target of network-layer DDoS attacks. Israel was the top most attacked country worldwide by HTTP DDoS attacks.
Cloudflare also found that large-scale volumetric DDoS attacks, attacks above 100 Gbps, have increased by 6% QoQ and that DNS-based attacks became the most popular vector. It also observed surges in SPSS-bas in ed DDoS attacks, DNS amplification attacks, and GRE-based DDoS attacks.
In April, Netscout Systems, Inc. a cybersecurity company found peak DDoS alert traffic in a single day reached as high as 436 petabits and more than 75 trillion packets. Service providers rigorously scrubbed a large percentage of this traffic, while enterprises eliminated an additional daily aggregate average of 345 terabytes of unwanted traffic.
With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape
Richard Hummel, threat intelligence lead, NETSCOUT
“DDoS attacks threaten organizations worldwide and challenge their ability to deliver critical services. With multi-terabit-per-second attacks now commonplace, and bad actors’ arsenals continuing to grow in sophistication and complexity, organizations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape,” said Richard Hummel, threat intelligence lead, NETSCOUT.
APAC Seething with DDoS
The Asia Pacific region has been witnessing some intense DDoS attacks. In February, Akamai Technologies, Inc. mitigated the largest DDoS attack ever launched against its customer based in Asia, with amount of attack traffic most heavily sourced from APAC, with the top locations being Hong Kong, Tokyo, São Paulo, Singapore, and Osaka, and 48% of traffic in-region.
Customer experiences online are negatively impacted when a DDoS attack renders a site inaccessible, and connection is compromised. This inaccessibility jeopardizes consumer trust, and consistent disruptions will see them turning to alternative avenues instead
Parimal Pandya, Managing Director, Asia Pacific and Japan, Akamai
Parimal Pandya, Managing Director, Asia Pacific and Japan, Akamai, says, “The recent DDoS attack that Akamai mitigated in Asia serves as an important reminder that DDoS continues to be a pervasive threat that organizations here need to pay attention to. DDoS attacks continue to ramp up in the region because virtually every business is an online business today.
“Customer experiences online are negatively impacted when a DDoS attack renders a site inaccessible, and connection is compromised. This inaccessibility jeopardizes consumer trust, and consistent disruptions will see them turning to alternative avenues instead.”
India Faces High-Profile DDoS Attacks
India is one of the fastest-growing digital economies in the world, increasing the risk and scope of perilous cyber threats, including high-profile DDoS attacks. According to the India Computer Emergency Response Team (CERT), the number of cyberattacks in India increased 256% since 2019 with 1,402,809 incidents reported in 2021, and experts suggest that the magnitude and novelty of digital attacks will only get more aggressive and sophisticated in 2023.
These attacks have led to some business in the cybersecurity area. In April, Akamai Technologies, Inc. deployed two new scrubbing centers in Mumbai and Chennai, as part of its global infrastructure investment strategy. This announcement is part of Akamai’s ongoing investment in the region having recently announced a new scrubbing center in New Zealand.
India’s economy has been experiencing significant growth in recent years with the emergence of new startups and established multinational companies alike, but the vibrant business scene also increases the surface for cyberattacks, which means that a local focus is essential
Sid Pisharoti, Regional Vice President for Akamai India Operations
“India’s economy has been experiencing significant growth in recent years with the emergence of new startups and established multinational companies alike, but the vibrant business scene also increases the surface for cyberattacks, which means that a local focus is essential,” says Sid Pisharoti, Regional Vice President for Akamai India Operations.
EMEA Hammered
Apart from the APAC, NETSCOUT ASERT analysts saw a barrage of DDoS attacks hammering EMEA’s optical instrument and lens manufacturing sector, resulting in a 14,137% increase, mainly against one major distributor with over 6,000 attacks over four months.
South America DDoS Assault
A 1.3 Tbps (terabits per second) DDoS assault on a South American telecommunications company was another significant attack that Cloudflare witnessed in Q1. The attack lasted only a minute. It was a multi-vector attack involving DNS and UDP attack traffic. The attack was part of a broader campaign that included multiple Terbit-strong attacks originating from a 20,000-strong Mirai-variant botnet.
India along with the US, Brazil, Japan, and Hong Kong were the main countries from which the attack traffic came. Classified documents that appeared online, with details ranging from Ukraine’s air defenses to Israel’s Mossad spy agency, have US officials working to identify the leak’s source. The breadth of topics addressed in the documents suggests they may have been leaked by an American rather than an ally.
A Proven DDoS Mitigation Strategy is a Must Have
In the wake of heightened operational risk, having a proven DDoS mitigation strategy is imperative for online businesses to thrive. To stay ahead of the latest threats, Akamai recommends the following:
- Immediately review and implement cybersecurity recommendations and guidelines by the local government
- Review critical subnets and IP spaces and ensure that they have mitigation controls in place
- Deploy DDoS security controls in an always-on mitigation posture as a first layer of defense to avoid an emergency integration scenario and to reduce the burden on incident responders. Organizations without a trusted and proven cloud-based provider are advised to start their search for one.
- Proactively pull together a crisis response team and ensure incident response plans are up-to-date, including go-to contacts, and a runbook is available to provide guidance on procedures and operations that needs to be carried out in the event of a cyberattack.
“DDoS attacks have increased consistently in APAC, both in size and frequency, over the past couple of years and have become a serious threat to business growth and stability. As organizations across all verticals conduct their business online, attackers seek to disrupt and degrade customer experience and the reputation of these businesses for financial gain,” said Dean Houari, Director of Security Technology and Strategy, Asia Pacific and Japan, Akamai.
As organizations across all verticals conduct their business online, attackers seek to disrupt and degrade customer experience and the reputation of these businesses for financial gain
Dean Houari, Director of Security Technology and Strategy, Asia Pacific and Japan, Akamai
“Specifically, cybercriminals continue to deploy DDoS as part of multi-faceted attacks to divert customer attention from data breaches and ransomware, or to coerce ransom payments. Thus, it is critical that organizations adopt the right DDoS security solution to detect and mitigate attacks at scale, while having the right teams to monitor such attacks, as suggested in the guidance on minimizing DDoS risks,” he concluded.
Often a Smokescreen for More Sophisticated Attacks
DDoS attacks are playing an increasingly prominent role in the current threat landscape, most notably as part of triple extortion attacks, which represent the next level in the evolution of ransomware attacks and involve multiple threats or tactics used to extort money or sensitive information from a victim’s organization.
Read more: Beware the ChatGPT imposter: Android malware pretending to be ChatGPT
In addition, DDoS is main attack vector in conjunction with advanced persistent threats (APTs) carried out by state-sponsored hackers, criminal organizations, or other malicious actors, like the Killnet hacker group, with the goal of infiltrating or paralyzing a target organization’s network and stealing sensitive information over an extended period of time. DDoS attacks often serve as a smokescreen for more sophisticated attacks, such as data breaches, that can result in the theft of sensitive customer information.
BFSI, healthcare, public sector, large enterprises, group companies, gaming and ecommerce are high risk sectors.
