How DDoS attacks changed in 2024

Father

Over the past few years, DDoS attacks have grown not only in number but also in duration. Organizations in sectors that knew nothing about this phenomenon just a couple of years ago have now learned what a DDoS attack is.

One example is the wave of DDoS attacks at the end of February 2022, although that wave mostly concerned Russian resources. The number of such attacks is growing every day, all around the world.

According to RTK-Solar, the longest DDoS attack in 2022 lasted three months, whereas in 2021 the longest lasted only a few days. This raises questions about the nature of such rapid growth and, most importantly, about how to protect yourself from the various types of DDoS attacks. We discuss this in more detail in this article, which also covers the most non-trivial attacks of the past year.

Why are DDoS attacks growing in power and duration?

Experts believe that the power and duration of DDoS attacks are growing primarily because a DDoS attack is the cheapest and most accessible kind of attack, one that literally anyone can organize. On the web and in messengers you can find plenty of instructions on "how to become part of a mass DDoS attack". An attacker needs neither in-depth knowledge nor high-spec equipment to take part in a DDoS attack.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

Even if you don't know much about information security, the cost of such an attack on the darknet is estimated in the tens of dollars. You will be provided with a turn-key service to ensure that the site or any other resource fails for the required number of hours or days. Provided, of course, that the attacker does not prepare for the attack in advance.

Over time, the reasons for the growth in the number and power of attacks change as new prerequisites and motives appear. The recent increase in attacks is associated, among other things, with a rise in the number of botnets (networks of infected devices under the control of attackers) and in the number of devices in them.

Dmitry Tsarev
Head of the BI.ZONE Cybersecurity Cloud Solutions Department

Targeted DDoS attacks using specialized utilities have also been active since last year. These attacks involve a tool that can be downloaded and run by anyone on a personal device or on leased resources. In this way, people deliberately become participants in botnets.

DDoS attacks achieve efficiency by using multiple compromised computer systems as sources of attacking traffic. The machines used may include computers and other network resources.

Ksenia Rysaeva
Head of Monitoring and Analytics at Innostage

When a victim's server or network is targeted by a botnet, each bot sends requests to the target's IP address, which can cause the server or network to overload, resulting in denial of service to normal traffic. Since each bot is a legitimate Internet device, it can be difficult to separate attacking traffic from normal traffic.

Experts note that the popularity of attacks is also driven by the growing number of IoT devices, many of which have security problems and are pulled into attackers' botnets to conduct attacks.

Vladislav Luzhnikov
Analyst of cyber fraud technologies (Deception) at R-Vision

Another factor is related to the fact that when preparing botnet networks, attackers take advantage of the fact that many home routers do not receive regular security updates or are not configured for automatic updates, which makes them vulnerable to intruders. Every year there are more and more such devices, and they are actively used for DDoS attacks.

Many factors influence the growth in the number of DDoS attacks, and this year their number and capacity continue to grow. According to Qrator Labs, in the first three months of this year the total number of DDoS attacks increased by 22% compared to the same period in 2022. Classifieds, online learning platforms, and payment systems with banks were the most affected. Retail, real estate, and sports betting systems were the most targeted by bots.

Methods of protection against DDoS attacks

DDoS attacks can lead to serious problems: they can make a resource unavailable and cause serious financial losses. Although attackers constantly modernize their methods, there are various ways to protect against DDoS attacks.

Traditionally, DDoS attacks are divided into several types: some aim to exhaust channel capacity, others target vulnerabilities in the network protocol stack, and still others are aimed directly at the application and its computing resources. Different methods are effective against each type of attack, and in every case the goal is to reduce the load on the protected system. These methods can be used either separately or in combination.

Some steps that help protect against DDoS attacks:
  • filtering traffic at the network hardware level;
  • using cloud-based DDoS protection services;
  • using load balancers to distribute traffic;
  • hardening server and application configurations to reduce vulnerabilities;
  • deploying dedicated protection software or hardware.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

The most effective thing that the information security industry can offer now is various cloud solutions that are able to detect malicious traffic and effectively block it in real time. Given that a modern DDoS attack can eat up the entire capacity of the attacked person's Internet channel, it is rather unpromising to try to solve this problem on your own. Usually, customers turn to specialized firms that will connect the company to their data center and monitor the situation 24/7, along with adjusting security measures.

Vladislav Luzhnikov
Analyst of cyber fraud technologies (Deception) at R-Vision

To protect against DDoS attacks, effective measures include the use of CDNs (Content Delivery Networks) for load distribution, firewalls to block traffic from known botnets and anonymizers, and regular infrastructure security audits that allow you to close vulnerabilities in a timely manner and prevent the possibility of their use by intruders.

You can also limit the traffic of individual applications, especially for heavy requests, to protect against attacks on L7.

It is equally important to instruct employees on how to respond to security incidents and train them in cyber hygiene.
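
The per-application limit for heavy L7 requests mentioned above can be built as a cost-weighted token bucket. This is an added example, not code from the article or the quoted experts; the endpoint paths, costs, limits and IP addresses are constructed assumptions.

```python
import time

# Assumed per-endpoint costs (hypothetical paths): heavy requests drain more tokens.
ENDPOINT_COST = {"/search": 5, "/export": 10}
DEFAULT_COST = 1


class WeightedRateLimiter:
    """Per-client token bucket; each request is charged its endpoint's cost."""

    def __init__(self, capacity=20.0, refill_per_sec=2.0, max_clients=100_000):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.max_clients = max_clients
        self.buckets = {}  # client_ip -> [tokens, last_update]

    def _prune(self, now):
        # A bucket idle long enough to be full again carries no state worth keeping.
        full_after = self.capacity / self.refill_per_sec
        self.buckets = {ip: b for ip, b in self.buckets.items()
                        if now - b[1] < full_after}

    def allow(self, client_ip, path, now=None):
        now = time.monotonic() if now is None else now
        if client_ip not in self.buckets and len(self.buckets) >= self.max_clients:
            self._prune(now)  # drop idle entries before tracking a new client
        bucket = self.buckets.setdefault(client_ip, [self.capacity, now])
        # Refill for the elapsed time, never above capacity.
        bucket[0] = min(self.capacity,
                        bucket[0] + (now - bucket[1]) * self.refill_per_sec)
        bucket[1] = now
        cost = ENDPOINT_COST.get(path, DEFAULT_COST)
        if bucket[0] < cost:
            return False  # the caller would answer HTTP 429
        bucket[0] -= cost
        return True


def replay(records, limiter):
    """Feed (timestamp, ip, path) records through the limiter; count rejections per IP."""
    rejected = {}
    for ts, ip, path in sorted(records):
        if not limiter.allow(ip, path, now=ts):
            rejected[ip] = rejected.get(ip, 0) + 1
    return rejected


# Constructed sample: one client hammers /export, another browses "/" once a second.
SAMPLE = ([(i / 10, "203.0.113.7", "/export") for i in range(10)]
          + [(float(i), "198.51.100.4", "/") for i in range(10)])
```

Calling `replay(SAMPLE, WeightedRateLimiter())` rejects most of the `/export` burst while the once-a-second client is never limited, because the heavy endpoint drains the bucket ten times faster than a plain page view.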

Memorable Attacks 2022-2023

For the most part, DDoS attacks are very primitive, which makes the non-standard cases of the past year all the more interesting. The DDoS attack on the Assist payment gateway is of particular interest: as a result, Aeroflot was unable to accept payments for a week and a half.

Ksenia Rysaeva
Head of Monitoring and Analytics at Innostage

Sixty thousand bots simultaneously began to send UDP packets without any content to the IP address of the gateway. UDP preempted all legitimate packets, and the gateway was no longer accessible. Sometimes we switched to TCP flood, but here we need to first establish a connection in order to send "cluttered" traffic there.

Another memorable DDoS attack was carried out on the MIR payment system. Its goal was to cause a possible failure in card servicing amid reports that a number of countries were refusing to work with the Russian payment system. According to experts, hackers generated traffic through browsers or primitive DDoS tools. As a result, users experienced interruptions in payment processing and in the operation of terminals.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

DDoS attacks are not particularly diverse, so it is difficult to call them particularly interesting. Usually of interest are the targets of attacks: in February in Russia these were, for example, grocery retailers, and before that, e-commerce sites were popular targets. There are different motivations behind the choice of goals, but now there is an increase in hacktivism, and not any commercial interests, and this trend will probably continue.

In February of this year, the most powerful DDoS attack in history was recorded by Cloudflare, an American information security company. The attack used 30 thousand devices, which is not a record number. What was unique was the number of requests per second: 50-70 million (the previous record was 46 million).

Conclusions

The popularity of DDoS attacks is growing because they are easy to carry out and because ordinary people want to try their hand at hacking. Botnets are getting bigger and bigger, setting new records every year not only in the number of attacks but also in their power.

DDoS protection tools remain mostly standard, since the attack method itself has not changed and shows little creativity. What is of interest are the targets and the consequences, which can be unpredictable and fatal for a company: for example, a bank whose payment system has been disabled cannot function normally.

At a time when almost everything has moved online, DDoS attacks are extremely dangerous, as they can temporarily disable an application, website, or any other system. That downtime can now be measured in weeks or even months, and in this case time slowly but surely turns into lost money.
 