Almost 8 million DDoS attacks launched in first half of 2023
Cybercriminals have launched approximately 7.9 million DDoS attacks in the first half of 2023, representing a 31 percent year-on-year increase.
A new report from NETSCOUT shows global events like the Russia-Ukraine war and recent NATO bids have driven recent DDoS attack growth.
It doesn't really seem to matter which side you're on either. Finland was targeted by pro-Russian hacktivists in 2022 during its bid to join NATO, but Turkey and Hungary were also targeted with DDoS attacks for opposing Finland's bid.
The report also sees a trend towards DDoS attacks against wireless telecommunications providers that incurred a 79 percent increase globally. That trend continues among APAC wireless providers in the first half of the year, with a 294 percent increase, which correlates to many broadband gaming users shifting their activity to 5G fixed wireless access as providers roll out their networks.
"While world events and 5G network expansion have driven an increase in DDoS attacks, adversaries continue to evolve their approach to be more dynamic by taking advantage of bespoke infrastructure such as bulletproof hosts or proxy networks to launch attacks," says Richard Hummel, senior threat intelligence lead, NETSCOUT. "The lifecycle of DDoS attack vectors reveals the persistence of adversaries to find and weaponize new methods of attack, while DNS water torture and carpet-bombing attacks have become more prevalent."
There’s been a resurgence in carpet-bombing since the beginning of the year, with a 55 percent increase to more than 724 daily, which NETSCOUT believes is a conservative estimate. These attacks cause significant harm across the global internet, spreading to hundreds and even thousands of hosts simultaneously. This tactic often avoids triggering high bandwidth threshold alerts which are used to flag up a DDoS attack.
A relatively small number of nodes are involved in a disproportionate number of DDoS attacks, with an average IP address churn rate of only 10 percent, as attackers tend to re-use abusable infrastructures. While these nodes are persistent, the impact fluctuates as adversaries rotate through different lists of abusable infrastructure every few days.
The full report is available on the NETSCOUT site.