Distributed Denial of Service (DDoS), cyber attacks that are usually executed fast for immediate profit, are lasting for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists.
Compared to Q1 2021, the number of Distributed Denial of Service (DDoS) attacks in Q1 2022 rose 4.5 times, with a considerable number of the attacks likely to be the result of hacktivist activity. The attacks also showed an unprecedented duration for DDoS sessions, particularly those aimed at state resources and banks.
Distributed Denial of Service (DDoS) attacks are designed to interrupt network resources used by businesses and organisations and prevent them from functioning properly. They become even more dangerous if the compromised systems are in government or financial sectors, as these services being unavailable has knock-on effects that affect the wider population. Q1 2022 saw a sudden increase in attacks in late February as a result of the crisis in Ukraine.
Compared to figures from Q4 2021, which had been considered the all-time highest number of DDoS attacks detected by Kaspersky solutions, Q1 2022 saw the total number of DDoS increase by 46%, growing 4.5 times compared to the same quarter in 2021. The amount of “smart” or advanced and targeted attacks also showed a notable growth of 81% compared to the previous record from Q4 2021. The attacks were not only performed at scale but were also innovative. Examples include a site mimicking the popular 2048 puzzle game to gamify DDoS attacks on Russian websites, and a call to build a volunteer IT army in order to facilitate cyberattacks.
A comparative number of DDoS attacks: Q1 2022 and Q4 2021 as well as Q1 2021. Data for Q1 2021 is taken as 100%
Further investigation conducted by Kaspersky revealed that an average DDoS session lasted 80 times longer than those in Q1 2021. The longest attack was detected on March 29 with an atypically long duration of 177 hours.
A comparative duration of DDoS attacks: Q1 2022 and Q4 2021 as well as Q1 2021. Data for Q1 2021 is taken as 100%
“In Q1 2022 we witnessed an all-time high number of DDoS attacks,” says Kaspersky security expert Alexander Gutnikov. “The upward trend was largely affected by the geopolitical situation. What is quite unusual is the long duration of the DDoS attacks, which are usually executed for immediate profit. Some of the attacks we observed lasted for days and even weeks, suggesting that they might have been conducted by ideologically motivated cyberactivists.
“We’ve also seen that many organisations were not prepared to combat such threats. All these factors have caused us to be more aware of how extensive and dangerous DDoS attacks can be. They also remind us that organisations need to be prepared against such attacks.”
Kaspersky experts offer the following recommendations to stay protected against DDoS attacks:
- Maintain web resource operations by assigning specialists who understand how to respond to DDoS attacks.
- Validate third-party agreements and contact information, including those made with internet service providers. This helps teams quickly access agreements in case of an attack.
- Implement professional solutions to safeguard your organisation against DDoS attacks. For example, Kaspersky DDoS Protection combines Kaspersky’s extensive expertise in combating cyberthreats and the company’s unique in-house solutions.
- Know your traffic. It’s a good option to use network and application monitoring tools to identify traffic trends and tendencies. By understanding your company’s typical traffic patterns and characteristics, you can establish a baseline to more easily identify unusual activity that is symptomatic of a DDoS attack.
- Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore business-critical services in the face of a DDoS attack.
* Read more about DDoS attacks in Q1 2022 on Securelist.