Cybersecurity Firms Are Fending off a Tsunami of Dangerous DDoS Attacks

Posted by the EDGE

December 20, 2023

Summary: A surge in cyberattacks continues to gain steam in 2022. This trend is especially pronounced in the number of distributed denial-of-service (DDoS) attacks witnessed throughout the first half of the year, as well as in the increasing size and duration of these incidents. Google and Cloudflare have recently fended off some of the largest HTTPS-based attacks of all time, while Akamai Technologies is combatting gigantic User Datagram Protocol (UDP) floods.

The repeated use of a particular attack vector in a short span of time can inspire other hackers to target the same vulnerabilities across the internet and enterprise with their own copycat attacks. DDoS’ing is an especially vicious tactic since it costs relatively little to launch an attack but can carry high costs for those on the receiving end.

The size and duration of recent distributed denial-of-service (DDoS) attacks are setting new records at a blazing pace, increasing the need for organizations to respond with proper cybersecurity investments.

Per Cloudflare’s description, a DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks are typically launched by a network of several devices that have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are called a botnet when pooled together to execute a concentrated attack. DDoS attacks are a significant threat for businesses because they are relatively cheap to originate, but can be costly and time-consuming to deal with when on the receiving end.

As The Register notes, there were three consecutive months of record-breaking HTTPS-based DDoS attacks through June of this year, with the most recent having been blocked by Google, which said the attack targeted one of its Cloud Armor customers and peaked at a massive 46 million requests per second (rps). For perspective, that was about 76% larger than the previous record DDoS attack that Cloudflare managed to defend against earlier that month. Google just completed its massive $5.4 billion acquisition of cybersecurity firm Mandiant, which will now merge into Google’s cloud business and strengthen its defenses against these sorts of disruptions even further.

Another unprecedented DDoS attack in June, combatted by cybersecurity firm Imperva, launched over 25.3 billion requests to a single target over the course of four hours. Though the size of this attack peaked at only 3.9 million rps, the duration of repeated requests was staggering. DigitalTrends notes that DDoS attacks exceeding the 1 million rps mark generally end after seconds or several minutes. The Hacker News writes that the attack was launched from a botnet that comprised nearly 170,000 different IP addresses spanning routers, security cameras, and compromised servers located in more than 180 countries.

In September, cybersecurity firm Akamai disclosed that it had successfully detected and mitigated the largest DDoS attack ever launched against a European customer on its Prolexic platform. Unlike the HTTPS-based request floods Google and Cloudflare fended off in June, this attack's vector is listed by Akamai as a User Datagram Protocol (UDP) flood: rather than sending application-layer requests, the attackers flood the server's ports with UDP packets until it can no longer keep up. Traffic to the targeted organization spiked quickly and peaked at as much as 704.8 million packets per second (pps).
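The two attack vectors described above are measured differently: an HTTPS flood is counted in requests per second, a UDP flood in packets per second, and both are "distributed" in that the traffic comes from a large botnet rather than a single client. The following Python script, added here as an illustration and not code from the article or from Google, Cloudflare or Akamai, shows the kind of per-second aggregation a defender's monitoring would do to tell the two apart. The FlowRecord format, the thresholds and the sample traffic are all constructed for the example; real thresholds are tuned to a site's measured baseline.

```python
"""Added example: classify a traffic surge as an HTTP request flood or a
UDP packet flood from per-second counters. Record format, thresholds and
sample traffic are constructed for illustration, not taken from any vendor."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    """One aggregated flow record (assumed format, e.g. from a flow exporter)."""
    ts: float            # epoch seconds when the flow was observed
    src_ip: str
    proto: str           # "tcp" or "udp"
    dst_port: int
    packets: int         # packets counted in this flow record
    http_requests: int   # layer-7 requests counted in this flow (0 if not HTTP)


# Example thresholds (assumed); a real deployment derives them from baseline traffic.
RPS_THRESHOLD = 1_000          # HTTP requests per second
PPS_THRESHOLD = 5_000          # UDP packets per second
MIN_DISTINCT_SOURCES = 50      # below this, a spike is more likely one noisy client


def bucket_by_second(records):
    """Group flow records into one-second buckets keyed by int(ts)."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[int(rec.ts)].append(rec)
    return buckets


def summarize_second(bucket):
    """Compute request rate, UDP packet rate and distinct sources for one second."""
    rps = sum(r.http_requests for r in bucket)
    udp_pps = sum(r.packets for r in bucket if r.proto == "udp")
    http_sources = {r.src_ip for r in bucket if r.http_requests > 0}
    udp_sources = {r.src_ip for r in bucket if r.proto == "udp"}
    return {"rps": rps, "udp_pps": udp_pps,
            "http_sources": len(http_sources), "udp_sources": len(udp_sources)}


def classify(summary):
    """Name the flood vector for one second, or None if the traffic looks normal.
    Requests per second identifies an HTTP(S) flood; packets per second a UDP
    flood. The distinct-source check is what makes it a *distributed* attack."""
    if summary["rps"] >= RPS_THRESHOLD and summary["http_sources"] >= MIN_DISTINCT_SOURCES:
        return "http_request_flood"
    if summary["udp_pps"] >= PPS_THRESHOLD and summary["udp_sources"] >= MIN_DISTINCT_SOURCES:
        return "udp_packet_flood"
    return None


def detect_floods(records):
    """Return one alert dict per second whose traffic crosses a flood threshold."""
    alerts = []
    buckets = bucket_by_second(records)
    for second in sorted(buckets):
        summary = summarize_second(buckets[second])
        vector = classify(summary)
        if vector is not None:
            alerts.append({"second": second, "vector": vector, **summary})
    return alerts


def make_sample_records():
    """Constructed traffic: one quiet second, then an HTTP request flood from
    200 sources, then a UDP flood against port 53 from 300 sources."""
    recs = []
    # second 0: normal traffic from a handful of clients (documentation ranges)
    for i in range(5):
        recs.append(FlowRecord(0.2 * i, f"198.51.100.{i}", "tcp", 443, 8, 2))
    recs.append(FlowRecord(0.5, "198.51.100.9", "udp", 53, 5, 0))
    # second 1: 200 bots x 10 requests each = 2,000 rps
    for i in range(200):
        recs.append(FlowRecord(1.0 + i / 1000, f"203.0.113.{i}", "tcp", 443, 30, 10))
    # second 2: 300 bots x 20 UDP packets each = 6,000 pps at port 53
    for i in range(300):
        recs.append(FlowRecord(2.0 + i / 1000, f"10.0.{i // 256}.{i % 256}", "udp", 53, 20, 0))
    return recs


if __name__ == "__main__":
    for alert in detect_floods(make_sample_records()):
        print(alert)
```

The distinct-source check is the part worth keeping in mind: a single client producing a very high request rate is a rate-limiting problem for that one address, whereas the same rate spread across hundreds of addresses is the botnet pattern the article describes, and it needs upstream scrubbing rather than per-client limits.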

Akamai researchers have also flagged almost 79 million domains as malicious in the first half of 2022, based on a newly observed domain dataset. This is equivalent to approximately 13 million malicious domains being created per month.

Overall, Nexusguard research found that the number of DDoS attacks in the first half of 2022 increased by 75.6% compared to the second half of 2021.

Certain forms of cyberattacks will sometimes gain particular popularity and come in waves. When several exploits of a similar nature occur in a short period of time, that likely indicates a more widespread vulnerability among individuals and enterprises. The recent upswing in DDoS attacks likely follows this trend, which was also visible in the uptick of ransomware attacks last year.

In 2021, ransomware quickly became one of the most common terms in cybersecurity headlines following a high-profile attack on Colonial Pipeline Co. that forced the shutdown of 5,500 miles of US pipeline carrying nearly half of all fuel supplies on the East Coast and was only relieved after the pipeline firm paid a $5 million ransom to hackers. The very next month, that incident was followed up by a similar attack on JBS, the world’s largest meat company by sales, which shuttered multiple US plants and successfully extorted $11 million from the company.

This spate of attacks culminated in the same hackers that hit JBS launching another massive ransomware attack through desktop management software owned by Kaseya Limited, which affected more than a million systems across at least 17 countries. The hacker collective known as REvil offered a universal decryption key for all of the data if a sum of $70 million was paid out, but the FBI was able to quietly obtain the decryption key without alerting the hackers, foiling the plot.

This targeting of critical industries has not gone unnoticed by regulators. As MRP wrote last month, cybersecurity regulations, including reporting requirements, are undergoing a rapid expansion in the US. Per Harvard Business Review, federal agencies like the Federal Trade Commission (FTC), Food and Drug Administration (FDA), Department of Transportation (DoT), Department of Energy (DoE), and the Cybersecurity and Infrastructure Security Agency (CISA) are all working on new rules. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation.

McKinsey notes the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), signed into law in March 2022, will require critical infrastructure companies to report all cybersecurity incidents, such as ransomware attacks, to CISA. In addition, the US Securities and Exchange Commission (SEC) in March 2022 proposed a rule requiring publicly listed companies to report to the SEC cybersecurity incidents, their cybersecurity capabilities, and their board’s cybersecurity expertise and oversight.

One factor that is playing a particularly strong role in boosting the occurrences of DDoS attacks is simmering international conflicts in Eastern Europe and Asia. Cybersecurity firm NetScout, cited by The Record, reports that, out of six million attacks monitored by the group in the first half of 2022, most incidents were an extension of Russia’s invasion of Ukraine or Chinese aggression toward Taiwan and Hong Kong. The attacks also used 57% more bandwidth than in the same period last year.