DDoS Attacks Surge as Outages’ Intensity Spikes by 233%: Expert Analysis

The landscape of Denial-of-Service attacks, notorious for overwhelming websites and networks with malicious traffic, is evolving. Despite being a well-known threat since the late 1990s, DoS attacks, and their distributed form, Distributed Denial of Service (DDoS), are often underestimated as fleeting inconveniences compared to more insidious threats like ransomware or spyware.

However, recent events and reports reveal that hacktivists and nation-state-supported groups use DDoS attacks to pressure government organizations, while ransomware gangs deploy them to pressure victims into paying.

Key Takeaways

  • DDoS attacks are becoming less frequent but more powerful, with a focus on crippling critical infrastructure.
  • Hacktivists and nation-state actors are increasingly using them for disruption and extortion.
  • The rise of sophisticated malware, powerful botnets, and zero-day vulnerabilities paves the way for future attacks.
  • Techniques like HTTPS floods and DNS amplification are becoming more common, making DDoS threats more complex.
  • Organizations need to prioritize DDoS mitigation strategies by implementing multi-layered defenses, leveraging DDoS mitigation services, and fostering industry-wide awareness.

DDoS Attacks: More Powerful, Less Frequent, and Targeting Critical Infrastructure

Nexusguard’s recently released DDoS Statistical Trends Report 2024 found that criminals are shifting DDoS tactics. Computers and servers became the primary target of attacks, accounting for 92% of DDoS attempts, compared to only 68% in the previous year.

Additionally, attacks are becoming shorter and less frequent, but more powerful. While the overall attack count dropped 55% in 2023, the size of attacks grew 233%.

Donny Chong, Product Director at Nexusguard, told Techopedia that DDoS attacks may not hold the center stage that ransomware, deep-fakes, crypto attacks, stealers, and spyware do. Nevertheless, DDoS attacks are getting more dangerous every year.

“While the quantity of DDoS attacks is fairly steady, even decreasing, compared to other types of attacks, they are getting larger year-on-year.”

DDoS attacks can disrupt critical services including finance, communication, defense, and government. In cyber warfare, such downtime is designed to have a psyops effect.

For example, the Russian group APT 28, in its recent European hacking campaign (affecting Germany, the Czech Republic, Poland, and others), launched a DDoS attack against Kosovo’s government in response to the country’s support of military aid to Ukraine.

DDoS attacks are not always politically motivated. They can cause financial losses and reputational damage and spread confusion and chaos.

DoS Attacks: Cybercriminals’ Versatile Weapon

Another trend that experts have been paying close attention to since late 2023 is how criminals use DDoS attacks for different purposes. As mentioned, ransomware operators may use a DDoS attack to shut down the victim’s front-end systems, while others launch DDoS attacks demanding payment.

DDoS attacks also serve as a distraction. An organization rushing to deal with the consequences of massive illegitimate traffic disrupting its business may be too distracted to notice cybercriminals stealing data and/or deploying malware.

By late 2023, it became clear that the Asia Pacific region was one of the most targeted by DDoS attackers. A report from StormWall found that this type of attack in the region had risen by 38% in the past year.

In Singapore, where the strongest DDoS attack was registered against an unidentified e-commerce digital empire, it took NexusGuard days to stop the attackers, who were leveraging the infamous Pandora and Moobot botnets.

Chong from NexusGuard said of the attack:

“This attack peaked at 700 Gbps and 79 million packets per second, utilizing a combination of Layer 3, 4, and 7 attack vectors. The preparation, length, scale, and sophistication of this attack highlights why DDoS remains a significant threat.

“The fact that such businesses are targeted, not to mention the increasing scale of these attacks, shows that DDoS is far from being a thing of the past.”

New DDoS Tricks and Tech

The rise in zero-day vulnerabilities is driven by the increased rollout of apps, application programming interfaces (APIs), software, and OS updates, alongside the development of more sophisticated malware and the evolution of botnets that can marshal powerful computing resources.

NexusGuard’s recent report highlights two attack vectors rapidly gaining traction. HTTPS floods, attacks that mimic legitimate traffic, made up 21% of 2023 attacks, up from 12% in 2022. DNS amplification saw the most significant rise, totaling 14% of 2023 attacks, up from just 2% in 2022.

This sharp spike and its potential to create large-scale disruption highlight a significant vulnerability in global internet infrastructure.

The fastest-growing threat category in 2023 was Application attacks (e.g. HTTP/HTTPS attacks from groups like Killnet), which rose 79% year over year in 2023 and comprised 25% of DDoS attacks.

No organization is immune to DDoS attacks that use these modern techniques. Even big tech companies like Microsoft have failed to stop DDoS attackers.

Mark Dehus, Director of Threat Intelligence at Lumen Technologies, told Techopedia that the 2023 DDoS attack on Microsoft, which impaired Microsoft 365 services such as Outlook, Teams, and OneDrive, is a good example for understanding the evolution of this criminal trend.

“It shows that even a major tech giant can become a victim, and while the types of DDoS attacks used were not necessarily novel, the volume of attacks combined with the unexpected use of numerous different types of resources for malicious traffic generation (VPS hosting providers, proxies, reflectors) allowed the threat to successfully defeat countermeasures in place.”

Migrating from Botnets to Proxies and More

DDoS attackers, who used to rely on botnets (thousands or more of infected computers working together under the control of a hacker), are now looking for new ways to generate malicious traffic.

Dehus from Lumen explained that DDoS botnet operators have realized that directly infecting hundreds of thousands of hosts has the potential to draw a lot of attention from the authorities and cyber-security researchers.

As a result, some have changed tactics to leverage a combination of resources such as virtual private server (VPS) providers that accept cryptocurrencies, or proxy servers that are either fully open and anonymous or also accept cryptocurrency.

“This enables the threat to both reduce overhead of bot management, but also fly under the radar of authorities and have a lower chance of getting caught,” Dehus said.

Hacktivists: Geopolitics and Conflict

Richard Caralli, Senior Cybersecurity Advisor at Axio, a company that equips businesses and governments to manage IT and OT threats and secure critical infrastructure, told Techopedia that DDoS attacks can certainly be used to cripple an organization’s operations.

“It’s useful to think of DDoS attacks as force multipliers as they can provide a sufficient level of chaos that magnifies opportunities to plant malware or exfiltrate data through other attack vectors by overwhelming and consuming resources.”

Organizations that operate industrial control systems or have their IT connected to their OT operations, such as those in critical infrastructure industries like water, health, or energy, face greater risks from DDoS attacks.

“While DDoS attacks can certainly be used to cripple an organization’s operational capabilities (particularly when directed at industrial control systems), primary motivators for these types of attacks tend to align with activist causes (particularly in-the-news events) or are used as a diversionary tactic.”

For example, Sweden experienced “the highest jump in DDoS attack prevalence following its NATO membership.”

“And, during recent campus protests against the war in Gaza, many university websites were unreachable,” Caralli said.

What Can Be Done?

From using DDoS mitigation and tracking threats throughout the digital attack surface, to deploying multi-layer DDoS countermeasures, there are countless resources, applications, software, and services available to prevent modern DDoS attacks. However, Chong from NexusGuard says the focus needs to be on awareness.

“Fundamentally, we need to do better collectively as an industry about raising awareness regarding basic cybersecurity hygiene and risks associated with DDoS attacks, as well as taking proactive measures in protecting digital assets.

“It’s also going to be important building resilience into digital infrastructure from inception to mitigate the impact of attacks — so that extends to things like diversifying network resources, adopting cloud-based DDoS mitigation strategies, and ensuring redundancy in critical systems,” Chong told Techopedia.

Application layer defenses are also increasingly important as threats shift to more complicated attacks.

The Bottom Line

The report from NexusGuard paints a concerning picture of the evolving DDoS landscape. The rise of sophisticated malware, powerful botnets, and zero-day vulnerabilities creates a fertile ground for future attacks.

The increasing use of techniques like HTTPS floods and DNS amplification attacks underscores the growing complexity of DDoS threats. The migration of attackers from botnets to proxy networks and VPS providers further complicates mitigation efforts.

These tactics allow attackers to remain anonymous and evade detection, and security professionals need to stay abreast of these evolving trends and adjust their detection and mitigation strategies accordingly.

Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning, and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.