DDoS attackers shift their targets

The latest global threat analysis report from Radware shows that DDoS attacks are being reshaped in terms of tactics, vector, size, complexity, and hacktivism.

The number of malicious web application transactions skyrocketed by 500 percent compared to the first half of 2022, while the total number of DDoS events decreased by 33 percent. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.

Radware's director of threat intelligence Pascal Geenens says:

The narrative for the threat landscape in 2023 is clear: a significant shift is taking place in Denial-of-Service attack patterns. The message to organizations is equally as clear: the focus now lies on proactively adapting to these evolving cyber threats.

Increasing numbers of bad actors are moving up the network stack from layers 3 and 4 to layer 7 with their sights set on compromising online applications and APIs as well as essential infrastructure. To launch attacks with even greater impact, control, and scale, also look for them to continue a steady transition from compromised IoT devices to cloud-based operations.

In the second quarter of 2023, the proportion of attacks featuring a DNS Flood vector climbed nearly twofold compared to the ratio of attacks in 2021 and most of 2022. The number of attacks larger than 100Gbps also rose sharply and the average complexity of attacks increased with attack size. Attacks above 1Gbps on average had more than two dissimilar attack vectors per attack, while attacks above 100Gbps had on average more than eight dissimilar attack vectors.

There's also been an increase in hacktivist-claimed DDoS attacks. Targets include India (674 attacks), followed by the United States (507 attacks), Israel (459 attacks), Ukraine (376 attacks), and Poland (297 attacks). Targets include government (1112 attacks), business/economy (1036 attacks), and travel (628) websites, which faced the most hacktivists attacks, followed by financial services (420 attacks) and health/medicine (329 attacks).

"Hacktivists are a major contributor to the dramatic increase in the volume and intensity of layer 7 attacks, and organizations across the globe are getting caught in the crosshairs," adds Geenens. "The effectiveness of these attacks has been significantly amplified as hacktivists rally patriotic volunteers and provide them access to crowd-sourced botnets, custom attack tools, and detailed attack tutorials."

Looking at the industries targeted, education bore almost a third (32 percent) of the DDoS attack volume, while service providers and technology accounted for 20 percent and 12 percent, respectively.

You can get the full report from the Radware site.

Image credit: stevanovcigor/depositphotos.com