Flooding a target with fake traffic can be a simple yet brutally effective way of knocking it out of action. But just how common are DDoS (Distributed Denial of Service) attacks - and how much damage do they actually cause?
To help you make sense of this key part of the cyber threat landscape, let’s delve deeper into DDoS statistics. We'll take a closer look at the prevalence of DDoS attacks, how the numbers have changed over time, who’s responsible, the motivations behind attacks, who’s affected, and the cost of cleanup and defense.
DDoS Attack Patterns Statistics
1. Cisco predicted that the number of DDoS attacks globally per year would double from 7.9 million in 2018 to 15.4 million in 2023. This is based on historic data on the number of attacks per year up to 2020 and projections for a further three years,
2. There has been a 807% increase in DDoS attacks in the nine years to 2022. Quarterly incidents rose from ~325,000 in Q1 2013 to ~2.9 million in Q1 2022.
3. Netscout analysis suggests there were ~13 million attacks in 2022; a new high benchmark for attack frequency.
4. In 2022, there was a 74% YoY increase in the number of DDoS attacks.
5. Initial projections suggest further increases in the DDoS incident rate for 2023. Lumen Technologies mitigated more than 8,600 DDoS attacks in Q1 - a 40% YoY increase, and the second busiest quarter in two years.
6. Q1 2023 saw a 47% surge in attacks compared to the same period in 2022.
7. Globally, organizations mitigated an average of 29.3 attacks per day during Q4 2022, four times more than the same period in 2021.
What Is a DDoS Attack?
A DDoS (distributed denial-of-service) attack is a method of disrupting the normal functioning of a target network or server by overwhelming it with large volumes of internet traffic.
DDoS attacks are conducted remotely by an attacker using networks of devices infected with malware. These individual attack nodes are referred to as bots, and clusters of connected bots are known as botnets.
During an attack, each bot submits requests to the target’s IP address, with the aim of overwhelming the target with requests, thereby leading to denial-of-service to legitimate traffic.
Who Are the DDoS Targets?
When it comes to Microsoft-based systems and services specifically, the United States seems to be the most frequently targeted region by some considerable margin. For IT infrastructure in general, the US still comes out on top, but the gap between the US and other regions is considerably narrower.
Countries/Regions Targeted
8. Based on DDoS attacks observed by Microsoft, the top country to have Microsoft services target for DDoS attacks was the United States (45.02%), with India following second (13.22%)
|
|
|
|---|---|
| United States | 45.02% |
| India | 13.22% |
| East Asia | 11.25% |
| Europe | 10.49% |
| Korea | 4.22% |
9. The United States was the largest target of general DDoS attacks in 2022 at 18.3%.
|
|
|
|---|---|
| United States | 18.3% |
| China | 10.7% |
| India | 9.2% |
| Russia | 8.4% |
| United Kingdom | 7.2% |
| Germany | 6.8% |
| France | 5.3% |
| Japan | 4.7% |
| Ukraine | 4.5% |
| Brazil | 4.2% |
Top Industries Targeted
10. The finance and telecommunications industries account for a combined 60% of all DDoS targets.
|
|
|
|---|---|
| Finance | 34% |
| Telecommunications | 26% |
| Retail | 17% |
| Entertainment | 12% |
| Insurance | 6% |
| Education | 2% |
| Logistics | 2% |
| Others | 1% |
11. Globally, finance was the most attacked industry sector in 2022, with 53% of overall attack activity, followed by technology (20%) and healthcare (11%).
|
|
|||
|---|---|---|---|
| 1st | 2nd | 3rd | |
| USA | Finance 32% | Healthcare 24% | Technology 17% |
| Europe | Finance 71% | Technology 16% | Government 4% |
| APAC | Technology 70% | Finance 9% | Government 8% |
Motivations
Because reasons behind attacks are very often not made known, the prevalence of various motivations are difficult to measure.
12. Cloudflare estimates that 9-19% of DDoS attacks are financially motivated - i.e. those attacks that involve extortion.
13. Other motivations are thought to include
- Ideology (hacktivism)
- Political (cyber warfare and targeted sabotage)
- Obscuration - i.e. providing cover for other cyber attacks, and personal motivation (hackers launching attacks ‘because they can’)
Who Are Committing DDoS Attacks?
Over the last year or so, the research points to a growth in the volume of DDoS attacks by both extortionists and politically-motivated threat actors.
Threat Actors
Extortionists / Organized Crime
14. In Q3 2022, DDoS involving ransom demands increased 67% year-on-year and 24% quarter-on-quarter.
15. In Q1 2023, 16% of Cloudflare customers reported a ransom DDoS attack. This represents a 60% YoY increase.
16. Finance is the sector most targeted with extortion DDoS attacks. The volume of DDoS targeting financial services last year was 121% higher than in 2021.
17. Ransomware gangs observed to be using DDoS cyber extortion campaigns recently include BlackCat, REvil, Suncrypt, and AvosLocker.
Hacktivists and politically motivated attackers
18. Top 10 claiming actors for hacktivist DDoS activity Feb-Apr 2023. This is based an analysis of conversations of threat actors intercepted by Radware over Telegram:
|
|
|
|---|---|
| Noname05716 | 29.4% |
| AnonymousSudan | 18.2% |
| MysteriousTeam0 | 13% |
| Others | 11.2% |
| Teaminsanepk | 8.97% |
| PassionBotnet | 6.49% |
| Anon_by | 4.05% |
| CyberArmyofRussia_Reborn | 3.08% |
| User_sec | 2.7% |
| AnonCyberViewtNam | 1.62% |
| ChaosSec | 1.24% |
19. Top countries attacked by hacktavists Feb-Apr 2023, based on claimed DDoS attacks. Again, this is based on conversation interceptions across Telegram channels.
Thales analysis shows how the focus of politically-motivated attacks has shifted as the war in Ukraine has progressed.
20. At the start of the conflict (Q1 2022), 50.4% of attacks in Europe affected Ukraine in isolation. By Q3 2022, this had reduced to 28.6%.
21. In Q1 2022, these attacks were divided more or less equally between DDoS attacks, espionage, data leaks and theft, influence campaigns, intrusion, and ransomware.
22. As the war has progressed, DDoS has gradually emerged as the favored attack method. As at March 2023, DDoS make up 75% of all attacks against companies and governments.
23. In summer 2022, there were almost as many conflict-related incidents in EU countries as there were in Ukraine (85% versus 86%).
24. By Q1 2023, the largest share of incidents (80.9%) have been inside the EU.
25. Within the EEA in 2022, Poland recorded 114 Ukraine-related attacks, The Baltic states - Estonia, Latvia and Lithuania (157 attacks), Sweden, Norway, Denmark and Finland (95 attacks), Germany (58 attacks), UK (18 attacks), France (14 attacks), Italy (14 attacks) and Spain (4 attacks).
26. 61% of attacks were perpetrated by pro-Russian hacktivist groups.
Sources of DDoS Attack Nodes
27. A single DDoS attack may deploy attack nodes spread across the world.
28. The top countries hosting DDoS bots are as follows:
|
|
|
|---|---|
| China | 2,105,044 |
| United States | 1,846,075 |
| South Korea | 1,328,823 |
| Italy | 974,011 |
| Russia | 809,978 |
| Rest of the World | 8,333,728 |
Attack duration
29. In 2022, small DDoS attacks (below 1Gbps) lasted 4 minutes on average.
30. Attacks between 50 and 100 Gps lasted 8.67 hours on average.
31. The longest attacks (between 100 and 250 Gps) lasted 66 hours, or 2.75 days.
32. In 2022, 89% of attacks lasted less than one hour. Attacks spanning one to two minutes accounted for 26% of attacks seen during the year.
Impact of DDoS Attacks
DDoS attacks have a massive impact on businesses, as a single attack can affect multiple aspects of an organization’s operations.
33. Average cost-per incident of DDoS attacks is $52,000 for small-to-medium-sized businesses, and $444,000 for enterprises.
34. Most commonly-encountered operational impacts of DDoS attacks are significant increase in load times (52%), slight increase in load times (33%), transaction failures (29%), and complete disruption/non-availability of services (13%).
35. Most commonly-encountered consequences of DDoS attacks are software/hardware replacement, reduction in revenue, loss of consumer trust, customer data theft, financial theft, and oss of intellectual property.
36. The global DDoS protection and mitigation market was valued at $2.91 Billion in 2022 and is expected to reach USD $7.45 Billion by 2030.
Notable Recent DDoS Attacks
For an idea of the level of disruption this type of attack can cause, here are some of the most notorious DDoS events of the last year or so…
KillNet Healthcare Campaign
The pro-Russian hacking group KillNet started life as a DDoS-for-hire service in early 2022. Since then, it has developed into a fully-fledged threat actor. It tends to specialize in attacking targets within countries that are active in their support of Ukraine.
A Microsoft advisory in March confirms that Killnet’s main focus has been on the pharma and life science sectors, hospitals, insurance, and healthcare. In late January 2023, KillNet launched an orchestrated wave of more than 90 DDoS attacks against mostly US-based health systems, hospitals, and medical centers.
The impact of these particular attacks was said to be “minimal and temporary with no impact to care delivery services”. However, US authorities urged organizations within the health sector to review potential exposures and the adequacy of defenses in place, including web application firewalls and use of multi-content delivery network (CDN) solutions.
The Minecraft DDoS Attack that Broke Andorra’s Internet
Largest HTTP DDoS Attack on Record
On the weekend of the 2023 Super Bowl, Cloudflare responded to dozens of hyper-volumetric attacks targeting - among others - a gaming provider, crypto companies, hosting providers and cloud computing platforms.
The most significant attack exceeded 71 million requests-per-second (rps), making it the largest HTTP DDoS attack recorded, more than 54% higher than the previous record of 64 million rps observed in June 2022.
Conclusion
When the Ukraine invasion started - accompanied inevitably by a cyber war - threat actors were using a wide range of attack methods in pretty much equal measure. Fast forward to the start of 2023, however, and DDoS comprised three quarters of all cyber attacks.
This reveals an important truth about DDoS: that sometimes the oldest and simplest attack methods are the most effective.
What’s more, far from being ‘just a nuisance’, denial-of-service translates directly into lost revenue; hence the steady growth in extortion-related DDoS attacks in the last year or so. And launching such an attack doesn’t take a technical genius - especially when you can pay a botnet-for-hire to conduct a month-long attack for less than $1,000.
Absolutely, I can modify the statement as follows:
The significance of DDoS is clear: it remains a significant part of the cyber threat landscape, and DDoS statistics should be on your radar.
FAQs
China is the country from where the largest volume of DDoS attack traffic originates.
In theory, an attack can last indefinitely - or until the botnet traffic is successfully blocked / rerouted, or reaches a point where it is unable to function. Prolonged attacks sometimes last several days.
DDoS remains a popular attack vector for threat actors because it is relatively easy to conduct. It also has the potential to cause significant disruption to its target.
Attack mitigation methods include identifying DDoS traffic and applying techniques such as geo-blocking and IP address filtering to isolate and block it. Other tools and tactics to deploy include use of rerouting and firewalls.
Netscout intelligence indicates there were ~13 million distinct attacks last year. This amounts to an average of ~36,000 attacks per-day.
Notable trends include the following:
• In June this year, several pro-Russian hacking groups, Killnet, REvil, and Anonymous Sudan announced that they have joined forces to form an alliance dubbed “Darknet Parliament”. Their stated aim is to disrupt the Western financial system (i.e. European and US banks, and the US Federal Reserve).
• The number of crypto website attacks was up 600% compared to the previous quarter.
• The US is currently the most attacked country.
• VM botnets have vastly greater computational and bandwidth resources at their disposal, making them up to 5,000 times stronger.
Sources
1. A10 Networks: 2022 DDoS Threat Report
2. BlackBerry: Russian Hacktivist Group KillNet Hits U.S. Hospitals with DDoS Attacks
3. Cisco Annual Internet Report (2018–2023) White Paper
4. Cision PR Newswire: Lumen research reveals a rise in sophisticated, complex DDoS attacks in Q1 2023
5. Cloudflare: Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
6. Cloudflare: DDoS Threat Landscape Report: DDoS Trands from Q3 2022
7. Cloudflare: DDoS threat report 2022 Q3
8. Cloudflare: DDoS threat report for 2023 Q1
9. InformationWeek: DDoS Attacks Taking Cyber Extortion to The Next Level?
10. Imperva: Why Attackers Target the Financial Services Industry
11. Imperva: What DDoS Attacks Really Cost Your Business
12. Kaspersky: Global IT Security Risks Survey 2014 - Distributed Denial of Service (DDoS) Attacks
13. Microsoft: 2022 in review: DDoS attack trends and insights
14. Microsoft: KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
15. Netscout: Unveiling the New Threat Landscape
16. Radware: 2022 Global Threat Analysis Report
17. Radware Full Year 2022 Report: Malicious DDoS Attacks Rise 150%
18. Radware: Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
19. SC Media: Hospitals urged to tighten DDoS defenses after health data found on Killnet list
20. SecurityBrief: DDoS attacks not only more frequent but more powerful - report
21. StormWall: 2022: DDoS Year-in-Review Report by StormWall
22. StormWall: Q1 2023 in Review: DDoS Attacks Report by StormWall
23. TechRepublic: 2022 Dark Web prices for cybercriminals services
24. Thales Group From Ukraine to the whole of Europe:cyber conflict reaches turning point
25. VMR: DDoS Protection And Mitigation Market Size And Forecast
from StationX https://bit.ly/3E8qLvQ
via IFTTT
No comments:
Post a Comment