Politically motivated DDoS attacks target critical infrastructure

Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to socio-political events such as elections, civil protests and policy disputes, according to the latest DDoS Threat Intelligence Report from NetScout.

Throughout the year, DDoS attacks have been intricately tied to social and political events, including Israel experiencing a 2,844 percent surge linked to hostage rescues and political conflicts, Georgia enduring a 1,489 percent increase during the lead-up to the passage of the 'Russia Bill', and Mexico having a 218 percent increase during national elections.

"DDoS has emerged as the go-to tool for cyberwarfare," says Richard Hummel, director, threat intelligence at NETSCOUT. "NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure and organizations. In 2024, they repeatedly targeted government services in the United Kingdom, Belgium and Spain."

DDoS-for-hire services have become more powerful using AI for CAPTCHA bypassing, with about nine in 10 platforms now offering this capability. Additionally, many employ automation to enable dynamic, multi-target campaigns and offer infrastructure exploitation techniques such as carpet bombing, geo-spoofing, and IPv6 to expand attack surfaces. Even the most novice operators can launch significant DDoS attack campaigns causing substantial harm.

Enterprise servers and routers have been exploited to intensify attacks and make remediation more challenging. Overall botnet populations declined by five percent but have demonstrated strong resilience despite concerted takedown efforts. Law enforcement takedowns, like Operation PowerOFF, continue to target DDoS-for-hire services but only temporarily disrupt attack platforms as new platforms swiftly take their place.

The rapid evolution of DDoS creates a challenge for defenders and those entrusted with protecting critical infrastructure networks and service availability. Enterprises, government organizations, and service providers are all targets. Successful defense strategies need to deploy proactive intelligence-driven methodologies and automation to deal with modern-day DDoS attacks effectively. Staying ahead of new threats demands that organizations outmaneuver an adversary that can force multiply its strength, speed, intelligence, and persistence like nothing the world has ever seen.

The full report is available from the NetScout site.

Image credit: Funtap/depositphotos.com